Hello!
I configured a pptpserver on my firewall and followed the pptp-manual from
Shorewall.
Login via VPN to firewall (internal ip: 192.168.10.2) is ok and I can ping this
server via internal ip (and use it: add samba-shares, etc.).
Unfortunately I can't connect to other hosts in my intranet (LOC).
Ping from vpn-client to clients in intranet fails, although Shorewall-Log shows
an ACCEPT:
-->
Nov 10 12:47:48 gate kernel: Shorewall:vpn2all:ACCEPT:IN=ppp1 OUT=eth0
SRC=192.168.10.234 DST=192.168.10.10 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=1700
PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=2560
<--
Find further configuration information here:

/etc/shorewall/tunnels:
pptpserver net
pptpserver loc

/etc/shorewall/zones:
net Net Internet
loc Local Local Networks
vpn VPN VPN-Clients

/etc/shorewall/interfaces:
net ppp0 detect dhcp,routefilter,norfc1918,tcpflags
loc eth0 detect tcpflags
vpn ppp+ -

/etc/shorewall/policy:
fw net ACCEPT
fw loc ACCEPT
loc net DROP info
loc fw ACCEPT
loc vpn ACCEPT
vpn all ACCEPT info
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info

My routing-table:
192.168.10.234 * 255.255.255.255 UH 0 0 0 ppp1
217.5.98.67 * 255.255.255.255 UH 0 0 0 ppp0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 217.5.98.67 0.0.0.0 UG 0 0 0 ppp0

Is this a routing-problem or a configuration-problem of my Shorewall?
Thank you for your help,
kind regards,
Jens Meyer