Shorewall users - Jul 2004 - Set PPTP On firewall

I just try to use Shorewall yesterday. I want to config vpn clients (PPTP) to
use intranet resource.
I have local net 10.20.0.0/16 on eth0 and internet (static IP) on eth0. How to
set it to allow VPN client to:
    ping local network
    connect to intranet web service (squid on firewall)
    connect to share drive (SMB)
    connect to SQL server 2000

I can connect vpn client to POPTOP server but cannot ping local network or
connect to web service.


Thanks.

Prasit Gebsaap

Prasit Gebsaap wrote:
> I just try to use Shorewall yesterday. I want to config vpn clients (PPTP)
to use intranet resource.
> I have local net 10.20.0.0/16 on eth0 and internet (static IP) on eth0. How
to set it to allow VPN client to:
>     ping local network
>     connect to intranet web service (squid on firewall)
>     connect to share drive (SMB)
>     connect to SQL server 2000
> 
> I can connect vpn client to POPTOP server but cannot ping local network or
connect to web service.
Have you read the Shorewall PPTP documentation?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Yes, but I am not clear when pptpd extract the inner packet from  TCP packet
then it put it on ppp0. Am I correct? I have set to masq. from VPN (ppp0) to
local net to access local resource.

Prasit Gebsaap

----- Original Message ----- 
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Shorewall Users"
<shorewall-users@lists.shorewall.net>
Sent: Monday, July 05, 2004 12:58 AM
Subject: Re: [Shorewall-users] Set PPTP On firewall

> Prasit Gebsaap wrote:
>
> > I just try to use Shorewall yesterday. I want to config vpn clients
(PPTP) to use intranet resource.
> > I have local net 10.20.0.0/16 on eth0 and internet (static IP) on
eth0.
How to set it to allow VPN client to:
> >     ping local network
> >     connect to intranet web service (squid on firewall)
> >     connect to share drive (SMB)
> >     connect to SQL server 2000
> >
> > I can connect vpn client to POPTOP server but cannot ping local
network
or connect to web service.
>
> Have you read the Shorewall PPTP documentation?
>
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>

Prasit Gebsaap wrote:
> Yes, but I am not clear when pptpd extract the inner packet from  TCP
packet
> then it put it on ppp0. Am I correct? I have set to masq. from VPN (ppp0)
to
> local net to access local resource. 
NO!

The documentation tells you EVERYTHING that you need to do. If it is not 
working then please submit a proper problem report.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Problem solved. It is the problem of SQUID configuration done by my
colleague.


Prasit Gebsaap

----- Original Message ----- 
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Shorewall Users"
<shorewall-users@lists.shorewall.net>
Sent: Monday, July 05, 2004 1:38 AM
Subject: Re: [Shorewall-users] Set PPTP On firewall

> Prasit Gebsaap wrote:
>
> > Yes, but I am not clear when pptpd extract the inner packet from  TCP
packet
> > then it put it on ppp0. Am I correct? I have set to masq. from VPN
(ppp0) to
> > local net to access local resource.
>
> NO!
>
> The documentation tells you EVERYTHING that you need to do. If it is not
> working then please submit a proper problem report.
>
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>