Jørn Eriksen
2003-Aug-29 10:43 UTC
[Shorewall-users] Shorewall + Leaf + Pptpd + pptpd client(passtrough)
Hi there, I have a funny issue. I''m using a Leaf v1.2 and what to use both a pptp-server (poptop) and pass trough the box with a pptp client (comeing from a w2k-pro box). Now - when I configure Leaf just by changing the IP''s all works fine for Leaf & ppptp passtrough. However - as soon as I change Shorewall with the PPTP config [the PPTPd on you Firewall section] (http://www.shorewall.net/PPTP.htm) I find that the passtrough stop to work. I''ve tried loading the kernel module for PPTP tracking as well. Still no luck. It sort of make me wonder - is it possible to have both passtrough & PPPTd at the same time? Or have I just missed something totally obvious here? The Shorewall version is 1.4.2 Thanks & best regards J?rn
Tom Eastep
2003-Aug-29 10:54 UTC
[Shorewall-users] Shorewall + Leaf + Pptpd + pptpd client(passtrough)
On Fri, 2003-08-29 at 10:42, J?rn Eriksen wrote:> Hi there, > > I have a funny issue. I''m using a Leaf v1.2 and what to use both a > pptp-server (poptop) and pass trough the box with a pptp client (comeing > from a w2k-pro box).The zone in which the client exists is more interesting to us that what OS it runs.> Now - when I configure Leaf just by changing the > IP''s all works fine for Leaf & ppptp passtrough.Does any one else follow what J?rn is saying here? I don''t.> However - as soon as I > change Shorewall with the PPTP config [the PPTPd on you Firewall section] > (http://www.shorewall.net/PPTP.htm) I find that the passtrough stop to > work. > I''ve tried loading the kernel module for PPTP tracking as well. Still no > luck. It sort of make me wonder - is it possible to have both passtrough > & PPPTd at the same time? Or have I just missed something totally obvious > here? The Shorewall version is 1.4.2I still don''t understand the problem you hare trying to solve. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep
2003-Aug-29 11:30 UTC
[Shorewall-users] Shorewall + Leaf + Pptpd + pptpdclient(passtrough)
On Fri, 2003-08-29 at 11:12, J?rn Eriksen wrote:> Hi Tom, > > Thanks for the VERY fast answer. I''ll try to explain better. > 1. Have a Leaf V1.2 box with Shorewall 1.4.2 (let call it Firebox) > 2. Want to have a pptp server (poptop) working on Firebox at the same time > as I use a w2k client pasing trough Firebox using pptp to a remote pptp > server (puh - hope this is understandable - English is not my native > tounge)Yes, that''s clear.> 3. When I don''t touch the Shorewall config, but just assing IP addreses > etc in Leaf - the pptp passtrough from the w2k boks works 100%.The above is what I don''t understand. In your original post you said: Now - when I configure Leaf just by changing the IP''s all works fine for Leaf & ppptp passtrough. What exactly are you changing in LEAF? -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Jørn Eriksen
2003-Aug-29 11:46 UTC
[Shorewall-users] Shorewall + Leaf + Pptpd + pptpdclient(passtrough)
Tom, you said:> What exactly are you changing in LEAF?I''m changing the ip''s (they reside in the /etc/network/interfaces file) or trough the Leaf menu system: 1- Netwrok Config. 1 - Interfaces file. I do that to get the static IP''s on eth0. As the Leaf box is my primary FW I also do change dnscache/dhcpd etc - however I belive that should not have anything to do in this case. Did I write clearly on what I had changed in Shorewall? Best regards Jorn> On Fri, 2003-08-29 at 11:12, J?rn Eriksen wrote: >> Hi Tom, >> >> Thanks for the VERY fast answer. I''ll try to explain better. >> 1. Have a Leaf V1.2 box with Shorewall 1.4.2 (let call it Firebox) >> 2. Want to have a pptp server (poptop) working on Firebox at the same >> time >> as I use a w2k client pasing trough Firebox using pptp to a remote pptp >> server (puh - hope this is understandable - English is not my native >> tounge) > > Yes, that''s clear. > >> 3. When I don''t touch the Shorewall config, but just assing IP addreses >> etc in Leaf - the pptp passtrough from the w2k boks works 100%. > > The above is what I don''t understand. In your original post you said: > > Now - when I configure Leaf just by changing the > IP''s all works fine for Leaf & ppptp passtrough. > > What exactly are you changing in LEAF? > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > >
Tom Eastep
2003-Aug-29 12:22 UTC
[Shorewall-users] Shorewall + Leaf + Pptpd + pptpdclient(passtrough)
On Fri, 29 Aug 2003, J?rn Eriksen wrote:> Tom, > > you said: > > What exactly are you changing in LEAF? > I''m changing the ip''s (they reside in the /etc/network/interfaces file) or > trough the Leaf menu system: > 1- Netwrok Config. > 1 - Interfaces file. > I do that to get the static IP''s on eth0. As the Leaf box is my primary > FW I also do change dnscache/dhcpd etc - however I belive that should not > have anything to do in this case. > > Did I write clearly on what I had changed in Shorewall? >Yes -- and I have no idea why it shouldn''t work. Please: a) shorewall reset b) try to connect using passthrough c) shorewall status > /tmp/status Send me the /tmp/status file. Thanks, -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net