[192.168.0.0/24 Lan]
v
[Shorewall box 'Curtain', 192.168.0.254, DHCP to ISP, and an OpenVPN tunnel 10.4.0.2]
v
[Internet]
v
[Shorewall box 'statler' 130.241.25.165, and an OpenVPN tunnel 10.4.0.1]

Now, i have set a rule on statler

ACCEPT vpn $FW tcp smtp

and i have as below.

root@statler:/etc/shorewall# cat zones | grep -v ^#
net Net Internet
loc Local Local networks
dmz DMZ Demilitarized zone
vpn VPN Remote Subnet
root@statler:/etc/shorewall# cat interfaces | grep -v ^#
net eth0 detect
vpn tun1 detect
root@statler:/etc/shorewall# cat tunnels | grep -v ^#
openvpn:1194 net 0.0.0.0/0
root@statler:/etc/shorewall#
root@statler:/etc/shorewall# shorewall version
2.0.13

And yet i get as below when telnetting to 10.4.0.1:25 from a host on my LAN.
So i am prolly missing something simple here

root@statler:/etc/exim# grep 192.168 /var/log/kern.log
Jan 6 10:54:18 statler kernel: Shorewall:all2all:REJECT:IN=tun1 OUT= MAC= SRC=192.168.0.130 DST=10.4.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=25860 DF PROTO=TCP SPT=57652 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 6 10:54:42 statler kernel: Shorewall:all2all:REJECT:IN=tun1 OUT= MAC= SRC=192.168.0.130 DST=10.4.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=60382 DF PROTO=TCP SPT=57653 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 6 10:54:57 statler kernel: Shorewall:all2all:REJECT:IN=tun1 OUT= MAC= SRC=192.168.0.130 DST=10.4.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=21250 DF PROTO=TCP SPT=57654 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0

On Thu, 2005-01-06 at 17:32 +0100, j2 wrote:
> And yet i get as below when telnetting to 10.4.0.1:25 from a host on my LAN.
> So i am prolly missing something simple here
>
> root@statler:/etc/exim# grep 192.168 /var/log/kern.log
> Jan 6 10:54:18 statler kernel: Shorewall:all2all:REJECT:IN=tun1 OUT= MAC=
> SRC=192.168.0.130 DST=10.4.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=25860 DF
> PROTO=TCP SPT=57652 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0

I don't see why that is happening either. Please forward the output of
"shorewall status" as an attachment.

Thanks,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

> I don't see why that is happening either. Please forward the output of
> "shorewall status" as an attachment.

I will, when i get back to the office, i seem to have gotten a nasty throat infection.

j2 wrote:
>> I don't see why that is happening either. Please forward the output of
>> "shorewall status" as an attachment.
>
> I will, when i get back to the office, i seem to have gotten a nasty
> throat infection.

Ouch -- hope you are feeling better.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

> Ouch -- hope you are feeling better.

I'm sure that the sek608 (approx us$100) of antibiotics helps.... Guess i won't buy the ThermalTake fanless PSU this month ;=)

> Ouch -- hope you are feeling better.

Sorry for the alert, but it was all user error, i used the wrong IP when setting up the smart-host. My bad! (Can i blame the antibiotics?) :)

j2 wrote:
>> Ouch -- hope you are feeling better.
>
> Sorry for the alert, but it was all user error, i used the wrong IP when
> setting up the smart-host. My bad! (Can i blame the antibiotics?) :)

They cost enough that you should be able to blame them if you feel like it :)

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key