Hello,

I'm using Mandriva LE 2006 with shorewall 2.4.1. It works fine, but I just have one little problem:

My linux server (192.168.0.1) is the gateway, and I have one laptop in my LAN (192.168.0.2). On my laptop I have installed "The greenbow", which is a VPN IPSec client (the VPN client creates a tunnel and gives me the IP address 192.168.3.50 in it). The VPN tunnel is created, but after that I can't access a Terminal Server (192.168.1.100) with the RDP client. I always receive a "timeout error" message.

Here are my rules for this:

#VPN IPSEC
ACCEPT loc net udp 500
DNAT net loc:192.168.0.2 udp 500
#TSE RDP client
ACCEPT loc net tcp 3389

I also modified the file "masq" in /etc/shorewall in order to have a NAT between the LAN and the NET.

ppp0 eth0

Is it a firewall misconfiguration, or should I change something in the routes of the gateway? Is it due to the IP address that the VPN client gives me? How can I fix it?

Kindest regards,
Matthieu

Matthieu Appenzeller wrote:
> Hello,
>
> I'm using Mandriva LE 2006 with shorewall 2.4.1. It works fine, but I just
> have one little problem:
>
> My linux server (192.168.0.1) is the gateway, and I have one laptop in my
> LAN (192.168.0.2). On my laptop I have installed "The greenbow", which is a
> VPN IPSec client (the VPN client creates a tunnel and gives me the IP
> address 192.168.3.50 in it). The VPN tunnel is created, but after that I can't
> access a Terminal Server (192.168.1.100) with the RDP client. I always
> receive a "timeout error" message.
<snip>
> Is it a firewall misconfiguration, or should I change something in the
> routes of the gateway? Is it due to the IP address that the VPN client
> gives me? How can I fix it?

Where is the terminal server located?

Jerry

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

Hi,

This terminal server is located in the network I'm reaching through the VPN tunnel. The remote network has the IP address 192.168.1.0/24.

Matthieu

Matthieu Appenzeller wrote:
> Hi,
>
> This terminal server is located in the network I'm reaching through the VPN
> tunnel. The remote network has the IP address 192.168.1.0/24.
>
> Matthieu

Doesn't sound like a shorewall issue. Your vpn client has 192.168.3.50 for the tunnel; can you ping anything on 192.168.1.0/24? If not, sounds like you may need to add a route to 192.168.1.0/24 through the vpn interface.

Jerry
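
The routing check suggested in the last reply, as an added example that is not part of the original thread: a longest-prefix route lookup over two constructed routing tables for the laptop, showing where traffic for the terminal server goes with and without a route to 192.168.1.0/24. The interface names "lan0" and "vpn0" and the table contents are assumptions; only the addresses come from the thread.

```python
import ipaddress

# Constructed routing tables for the laptop (192.168.0.2). Interface names
# "lan0" and "vpn0" are hypothetical; the addresses come from the thread.
ROUTES_BEFORE = [
    ("0.0.0.0/0", "192.168.0.1", "lan0"),   # default route via the gateway
    ("192.168.0.0/24", None, "lan0"),       # directly connected LAN
    ("192.168.3.50/32", None, "vpn0"),      # tunnel address given by the client
]
# Same table plus the route suggested in the reply.
ROUTES_AFTER = ROUTES_BEFORE + [("192.168.1.0/24", None, "vpn0")]


def select_route(routes, destination):
    """Return the (prefix, gateway, interface) chosen by longest-prefix match."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        # A more specific (longer) matching prefix always wins over a shorter one.
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return str(best[0]), best[1], best[2]


def enters_tunnel(routes, destination, vpn_iface="vpn0"):
    """True if traffic to destination leaves through the VPN interface."""
    return select_route(routes, destination)[2] == vpn_iface


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        prefix, gw, iface = select_route(table, "192.168.1.100")
        print(f"{label}: 192.168.1.100 -> {prefix} via {gw or 'on-link'} dev {iface}")
```

With the first table the RDP traffic matches only the default route and leaves unencrypted toward 192.168.0.1 instead of entering the tunnel; comparing this against the laptop's real routing table once the tunnel is up is the same check.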