Nathan Gehman wrote:
> The reason I asked is I am unable to remote desktop over the VPN. With the
> rules as you sent them.
>
> Nothing shows up in the firewall logs however, until I close the dialup
> connection.
There is a potential routing problem when you try to use the remote
desktop -- is the workstation that you are trying to connect to via
remote desktop routing traffic for the laptop back through the VPN
server?
> When I close the dialup connection from the Laptop, after the remote
> desktop connection fails, the shorewall logs show a couple of
>
> FORWARD:REJECT In=ETH0 Out=ETH0 SRC=SonicWall DST=LaptopIP PROTO=UDP SPT=500 DPT=500
>
When you hang up, the ppp0 device on the dial-up server is removed and
the route to the laptop along with it. Hence when the dial-up server
receives traffic for the laptop, its routing table tells it to send the
traffic back out eth0 (not ETH0 as in the above bogus log message). The
/etc/shorewall/interfaces entry for eth0 doesn't specify 'routeback', so
Shorewall hasn't set up any mechanism for handling eth0->eth0 traffic,
and the traffic gets logged and rejected out of the FORWARD chain (see
FAQ 17).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
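The two mechanisms Tom describes above (the host route that vanishes with ppp0, and Shorewall rejecting eth0->eth0 forwarding when the interface has no 'routeback' option) are modelled in the following added example. It is not code from the thread or from Shorewall itself; the addresses, the routing tables and the two /etc/shorewall/interfaces variants are constructed for illustration, and the forwarding decision is a simplified model (it only shows where the hairpin check bites, not the full zone policy).

```python
"""
Added example (not from the original mailing-list thread): a small model of
the diagnosis given above. A host route for the laptop exists only while
ppp0 is up; once it is gone, traffic for the laptop follows the default
route back out eth0, and Shorewall rejects that eth0->eth0 forwarding
unless eth0 carries 'routeback'. All addresses, interface names and config
lines below are constructed for illustration.
"""
import ipaddress

# Constructed routing table of the dial-up server while the laptop is connected.
# Each entry is (prefix, egress interface). pppd adds the /32 host route.
ROUTES_PPP_UP = [
    ("192.168.1.0/24", "eth0"),   # LAN behind eth0
    ("10.8.0.2/32", "ppp0"),      # laptop, host route created by pppd
    ("0.0.0.0/0", "eth0"),        # default route via the LAN gateway
]

# After hangup pppd removes ppp0 and its host route; only eth0 routes remain.
ROUTES_PPP_DOWN = [r for r in ROUTES_PPP_UP if r[1] != "ppp0"]

# Constructed /etc/shorewall/interfaces contents (ZONE INTERFACE BROADCAST OPTIONS).
INTERFACES_NO_ROUTEBACK = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     ppp+        -
"""
INTERFACES_ROUTEBACK = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      routeback
loc     ppp+        -
"""


def lookup_route(routes, dst):
    """Longest-prefix match: return the egress interface the kernel would pick."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def routeback_interfaces(interfaces_text):
    """Parse the interfaces file; return the interfaces whose OPTIONS include 'routeback'."""
    result = set()
    for line in interfaces_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 4 and "routeback" in fields[3].split(","):
            result.add(fields[1])
    return result


def forward_decision(routes, interfaces_text, in_if, dst):
    """Simplified model of the FORWARD chain: a packet that would leave on the
    same interface it arrived on is rejected unless that interface has
    'routeback'; otherwise it proceeds to the normal zone policy.
    Returns (out_if, verdict)."""
    out_if = lookup_route(routes, dst)
    if out_if is None:
        return (None, "UNREACHABLE")
    if in_if == out_if and in_if not in routeback_interfaces(interfaces_text):
        return (out_if, "FORWARD:REJECT")   # the message seen in the logs above
    return (out_if, "FORWARD")


if __name__ == "__main__":
    for label, routes in (("ppp0 up", ROUTES_PPP_UP), ("ppp0 down", ROUTES_PPP_DOWN)):
        for cfg_label, cfg in (("no routeback", INTERFACES_NO_ROUTEBACK),
                               ("routeback", INTERFACES_ROUTEBACK)):
            print(label, "/", cfg_label, "->",
                  forward_decision(routes, cfg, "eth0", "10.8.0.2"))
```

Running the block prints one line per combination: while ppp0 is up the packet leaves via ppp0 and is forwarded regardless of the interfaces setting; once the ppp0 route is gone the egress becomes eth0 and the hairpin is rejected exactly when eth0 lacks 'routeback'. Note that adding 'routeback' would merely stop the rejection of traffic that has nowhere useful to go after hangup; it does not address the routing question Tom raises about the workstation.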