Hi.
I configured a pptpd server and my /etc/shorewall/tunnels file is the following:

#TYPE           ZONE    GATEWAY         GATEWAY
#                                       ZONE
pptpserver      net     0.0.0.0/0       -

I can connect to the VPN server, but I can't reach the machines in my
LAN (the "loc" zone in Shorewall).
Do you think it is a problem with Shorewall or the pptpd server?

Could you help me please?

Thank you very much.
Bye!

-------------------------------------------------------------------------
On Thu, 15 Nov 2007 15:01:10 +0100, shacky83@gmail.com said:

> Do you think it is a problem with Shorewall or the pptpd server?

Not enough information. I suggest you follow the advice re asking for
support as detailed on the Shorewall website, and attach a Shorewall
dump.

Keith

--
Keith Edmunds

-------------------------------------------------------------------------
PPTP requires port 1723/tcp (aka pptp) to be open, along with IP protocol GRE, for it to work.

So, in essence, the /etc/shorewall/rules file should be something like this:

    ACCEPT  wan  fw  tcp  pptp
    ACCEPT  wan  fw  gre

However, I believe a more elegant solution is to define it in /etc/shorewall/tunnels, as example 6 demonstrates in the man page of shorewall-tunnels.

So, something like this:

    pptpserver  wan

Naturally, make sure that your /etc/shorewall/policy default reject/drop rule is logged somewhere, and tail your message log (/var/log/messages) if you're not using ulogd to see the rejected packets, and simply tweak accordingly.

Cheers
Kris

On 11/15/07, Keith Edmunds <kae@midnighthax.com> wrote:
>
> On Thu, 15 Nov 2007 15:01:10 +0100, shacky83@gmail.com said:
>
> > Do you think it is a problem with Shorewall or the pptpd server?
>
> Not enough information. I suggest you follow the advice re asking for
> support as detailed on the Shorewall website, and attach a Shorewall
> dump.
>
> Keith

-------------------------------------------------------------------------
shacky wrote:
> Hi.
> I configured a pptpd server and my /etc/shorewall/tunnels file is the following:
>
> #TYPE           ZONE    GATEWAY         GATEWAY
> #                                       ZONE
> pptpserver      net     0.0.0.0/0       -
>
> I can connect to the VPN server, but I can't reach the machines in my
> LAN (the "loc" zone in Shorewall).
> Do you think it is a problem with Shorewall or the pptpd server?
>
> Could you help me please?

http://www.shorewall.net/PPTP.htm

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------------------------
I solved it, I didn't allow the VPN to access the loc zone and vice versa... I was stupid! :-)

Thank you very much!
Bye!!
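
-------------------------------------------------------------------------
The fix described in the last message, written out as Shorewall configuration. This is an added example, not taken from the thread: the zone name "vpn", the ppp+ interface match and the sample policy lines are assumptions; only the tunnels entry comes from the original post.

```conf
# /etc/shorewall/zones
# "vpn" is a zone name assumed for this example; "net" and "loc" are the
# zones named in the thread.
#ZONE   TYPE
vpn     ipv4

# /etc/shorewall/interfaces
# Assumes each pptpd client session appears as ppp0, ppp1, ... and that no
# ppp interface is used for the Internet uplink.
#ZONE   INTERFACE   BROADCAST
vpn     ppp+        -

# /etc/shorewall/tunnels
# Entry from the original post: lets PPTP control traffic (1723/tcp) and GRE
# reach the firewall from the net zone. It only gets the tunnel established;
# it says nothing about what the tunnelled traffic may reach.
#TYPE         ZONE   GATEWAY      GATEWAY ZONE
pptpserver    net    0.0.0.0/0    -

# /etc/shorewall/policy
# Policies are matched top to bottom. With only the last three lines below
# (constructed sample), vpn->loc and loc->vpn fall through to the catch-all
# REJECT: the client connects but cannot reach LAN hosts. The two vpn lines
# are the fix, and they must sit above the catch-all.
#SOURCE   DEST   POLICY   LOG LEVEL
loc       vpn    ACCEPT
vpn       loc    ACCEPT
loc       net    ACCEPT
net       all    DROP     info
all       all    REJECT   info
```

If VPN clients should reach only specific LAN hosts or services, leave the vpn/loc policy at REJECT and add matching ACCEPT lines to /etc/shorewall/rules instead. Run "shorewall check" before "shorewall restart" to catch syntax errors.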