Hi

I have two problems:

1. I am not able to connect to the local server (192.168.1.231) NATed to dmz (66.104.50.139) from any of the openvpn tunnels (resb/resp/rssb), whereas I am able to connect / ping to all my other local computers from these tunnels.
2. I have opened up port 1723 for one of my local computers to a vpn server (I think it is a MS vpn server) in rules, but the user is not able to gain access to the server - log enclosed.

Any help is appreciated.

Thanks,
DK

-------------------------------------------------------------------------
Sorry, I forgot to mention that the web services (on port 8080) running on this local server are accessible from the internet and local PCs.

Thanks again,
DK

On 7/25/06, Dubba Kor <dubbakor@gmail.com> wrote:
> Hi
>
> I have two problems:
>
> 1. I am not able to connect to the local server (192.168.1.231) NATed to
> dmz (66.104.50.139) from any of the openvpn tunnels (resb/resp/rssb), whereas
> I am able to connect / ping to all my other local computers from these
> tunnels.
> 2. I have opened up port 1723 for one of my local computers to a vpn
> server (I think it is a MS vpn server) in rules, but the user is not able to
> gain access to the server - log enclosed.
>
> Any help is appreciated.
>
> Thanks,
> DK

-------------------------------------------------------------------------
Dubba Kor wrote:
> Hi
>
> I have two problems:
>
> 1. I am not able to connect to the local server (192.168.1.231) NATed to dmz
> (66.104.50.139) from any of the openvpn tunnels (resb/resp/rssb), whereas I
> am able to connect / ping to all my other local computers from these tunnels.

Are you trying to connect using 192.168.1.231 or 66.104.50.139? If the latter, do the client systems have a route through the VPN to 66.104.50.139?

> 2. I have opened up port 1723 for one of my local computers to a vpn server
> (I think it is a MS vpn server) in rules, but the user is not able to gain
> access to the server - log enclosed.
>
> messages:Jul 25 12:41:57 raksha kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.113 DST=192.217.231.242 LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=19927 PROTO=47

You also need to allow GRE (Protocol 47).

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------------------------
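Added example, not part of the original thread: a small Python parser for the Shorewall log format quoted above that reports which half of a PPTP session (TCP 1723 control or GRE data) the firewall refused. The first sample line is the one from the thread; the other two are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Prefix format seen in the thread's log line: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):(?P<rest>.*)")
# Netfilter logs TCP/UDP/ICMP by name and other protocols by number.
PROTO_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP", "47": "GRE"}

SAMPLE_LOG = [
    # Line quoted in the thread.
    "Jul 25 12:41:57 raksha kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 "
    "SRC=192.168.1.113 DST=192.217.231.242 LEN=57 TOS=0x00 PREC=0x00 TTL=127 "
    "ID=19927 PROTO=47",
    # Constructed line: a rejected PPTP control connection from another host.
    "Jul 25 12:42:10 raksha kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 "
    "SRC=192.168.1.114 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 "
    "ID=20011 DF PROTO=TCP SPT=1045 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0",
    # Constructed line: unrelated kernel message, must be ignored.
    "Jul 25 12:42:11 raksha kernel: eth0: link up",
]

def parse_shorewall_line(line):
    """Return chain, disposition and KEY=VALUE fields, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(t.split("=", 1) for t in m.group("rest").split() if "=" in t)
    proto = fields.get("PROTO", "")
    fields["PROTO"] = PROTO_NAMES.get(proto, proto)
    return {"chain": m.group("chain"), "disposition": m.group("disp"), **fields}

def blocked_pptp_parts(lines):
    """Map (chain, SRC, DST) to the PPTP components the firewall refused."""
    blocked = defaultdict(set)
    for line in lines:
        rec = parse_shorewall_line(line)
        if rec is None or rec["disposition"] not in ("REJECT", "DROP"):
            continue
        key = (rec["chain"], rec.get("SRC"), rec.get("DST"))
        if rec["PROTO"] == "GRE":
            blocked[key].add("GRE data channel (protocol 47)")
        elif rec["PROTO"] == "TCP" and rec.get("DPT") == "1723":
            blocked[key].add("TCP 1723 control channel")
    return dict(blocked)

if __name__ == "__main__":
    for (chain, src, dst), parts in blocked_pptp_parts(SAMPLE_LOG).items():
        print(f"{chain}: {src} -> {dst} blocked: {', '.join(sorted(parts))}")
```
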
> From: Tom Eastep <teastep@shorewall.net>
> To: Shorewall Users <shorewall-users@lists.sourceforge.net>
> Date: Tue, 25 Jul 2006 13:34:14 -0700
> Subject: Re: [Shorewall-users] NATed server - unable to connect thru' vpn
>
> Dubba Kor wrote:
> > Hi
> >
> > I have two problems:
> >
> > 1. I am not able to connect to the local server (192.168.1.231) NATed to dmz
> > (66.104.50.139) from any of the openvpn tunnels (resb/resp/rssb) where as I
> > am able to connect / ping to all my other local computers from these tunnels.
>
> Are you trying to connect using 192.168.1.231 or 66.104.50.139? If the latter,
> do the client systems have a route through the VPN to 66.104.50.139?

I am trying to connect to 192.168.1.231 from 192.168.10.0 (tun1 interface, resb zone) network. I am able to connect to rest of the 192.168.1.0 network from 192.168.10.0 but for this only NATed server 192.168.1.231.

The same is true for 192.168.50.0 (tun2, rssb) and 192.168.100.0 (tun3, resp) networks also.

> > 2. I have opened up port 1723 for one of my local computers to a vpn server
> > (I think it is a MS vpn server) in rules, but the user is not able to gain
> > access to the server - log enclosed.
> >
> > messages:Jul 25 12:41:57 raksha kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.113 DST=192.217.231.242 LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=19927 PROTO=47
>
> You also need to allow GRE (Protocol 47).

I will do this and update. Thanks!

-------------------------------------------------------------------------
Dubba Kor wrote:
> I am trying to connect to 192.168.1.231 from 192.168.10.0 (tun1
> interface, resb zone) network. I am able to connect to rest of the
> 192.168.1.0 network from 192.168.10.0 but for this only NATed server
> 192.168.1.231.
>
> The same is true for 192.168.50.0 (tun2, rssb) and 192.168.100.0
> (tun3, resp) networks also.

Does it work if you temporarily "shorewall clear"? (be sure to "shorewall start" after the test).

-Tom

-------------------------------------------------------------------------
On Fri, Jul 28, 2006 at 2:08pm Dubba Kor wrote:
> Sorry, I forgot to mention that the web services (on port 8080) running on
> this local server are accessible from the internet and local PCs.

Yes -- I also confirmed that I could connect to SSH :-)

-Tom