Hi Guys,
I've been struggling with a problem for a couple of days now; hopefully
someone can assist me. I think it's mainly because I don't understand the
routing of a VPN and PPTP tunnel.
I have two machines. Both are connected to the Internet via ADSL, so
interface ppp0.
Both machines are running shorewall 1.4.10b
Gateway A is my firewall machine, and as far as I'm aware, no special
changes need to be made for me to use an internal computer to create
the tunnel.
Gateway B is the machine to where I am making the tunnel. Poptop is
running on the Firewall.
I can create the tunnel fine, I get assigned an IP address.
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:192.168.1.235  P-t-P:192.168.1.252  Mask:255.255.255.255
I am able to ping from my workstation, myself, Gateway B 192.168.1.252.
The problem really is I can't ping any Gateway B local addresses, i.e.
192.168.1.1 (which does respond when on Gateway B).
Routing Table
192.168.1.252   0.0.0.0         255.255.255.255 UH   ppp0
192.168.0.0    0.0.0.0         255.255.255.0   U     eth0
127.0.0.0     127.0.0.1       255.0.0.0       UG     lo 
0.0.0.0       192.168.0.254   0.0.0.0         UG        0 eth0
I added the route
192.168.1.0	0.0.0.0		255.255.255.255 UH  ppp0
but that still didn't help.
So I'm not sure what I'm missing. Why can't I access any of the local IP
addresses?
I have posted my configs below. If there is anything else you need
please let me know.
Please could you respond to me directly as I am not on the list.
Thanks very much,
Stefan
zones
#ZONE	DISPLAY		COMMENTS
net	Net		Internet
loc	Local		Local networks
vpn	VPN		Remote Users
interfaces
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
net     ppp0            detect          dhcp,routefilter,norfc1918
-	ppp1		-
loc     eth0            detect		dhcp
hosts
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
loc	ppp1:192.168.1.0/24	
tunnel
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
pptpserver		net	0.0.0.0/0
policy
#SOURCE		DEST		POLICY		LOG		LIMIT:BURST
#						LEVEL
loc		net		ACCEPT
net		all		DROP		info
fw  	        net             ACCEPT
fw		loc		ACCEPT
loc		loc		ACCEPT
loc		fw		ACCEPT
#fw		vpn		ACCEPT
#vpn		fw		ACCEPT
#vpn		loc		ACCEPT
#loc		vpn		ACCEPT
#
# THE FOLLOWING POLICY MUST BE LAST
#	
all		all		REJECT		info 
(as you can see I've been trying)
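
The following is an added example, not part of the original post: a longest-prefix-match lookup over the routing table exactly as posted (including the manually added 192.168.1.0 route), showing which interface a packet to 192.168.1.1 is sent out of. The `HYPOTHETICAL_ROUTES` variant with a 255.255.255.0 mask is an assumption introduced only for comparison; it checks the client-side route lookup and nothing else.

```python
import ipaddress

# Routing table as posted: (destination, gateway, netmask, interface).
# The last entry is the manually added route with its 255.255.255.255 mask.
POSTED_ROUTES = [
    ("192.168.1.252", "0.0.0.0", "255.255.255.255", "ppp0"),
    ("192.168.0.0", "0.0.0.0", "255.255.255.0", "eth0"),
    ("127.0.0.0", "127.0.0.1", "255.0.0.0", "lo"),
    ("0.0.0.0", "192.168.0.254", "0.0.0.0", "eth0"),
    ("192.168.1.0", "0.0.0.0", "255.255.255.255", "ppp0"),
]

# Hypothetical variant (not from the post): same added route, /24 netmask.
HYPOTHETICAL_ROUTES = POSTED_ROUTES[:-1] + [
    ("192.168.1.0", "0.0.0.0", "255.255.255.0", "ppp0"),
]


def prefix_len(netmask):
    """Convert a dotted netmask to a prefix length by counting set bits."""
    return bin(int(ipaddress.ip_address(netmask))).count("1")


def lookup(routes, target):
    """Return (network, gateway, interface) of the most specific match."""
    addr = ipaddress.ip_address(target)
    best = None
    for dest, gateway, mask, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{prefix_len(mask)}", strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        return None
    return str(best[0]), best[1], best[2]


if __name__ == "__main__":
    for name, table in (("posted", POSTED_ROUTES),
                        ("hypothetical /24", HYPOTHETICAL_ROUTES)):
        for target in ("192.168.1.252", "192.168.1.1"):
            print(f"{name:17} {target:14} -> {lookup(table, target)}")
```

With the posted table, 192.168.1.1 matches only the default route and leaves via eth0; a 255.255.255.255 mask makes the added entry a host route for the single address 192.168.1.0.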