Hello,
I'm having a really hard time trying to configure shorewall to allow bridged
vpn traffic in the local subnet. I'm using openvpn v2.0.9, Shorewall
v4.0.10 with the Shorewall-Perl compiler on a dedicated Debian 2.6.18
system.
The firewall is a three interface setup with:
eth0 = loc
eth1 = dmz
eth2 = net
My Openvpn client (XP) seems to connect ok, the tap interface gets assigned
an ip, but I am unable to ping anything in the subnet.
If you can shed some light on this for me I would be very grateful. Please
let me know if you need to see anything else.
The output of "brctl show" is:
bridge name     bridge id               STP enabled     interfaces
br0             8000.00010287046a       no              eth0
                                                        tap0
--------------------------------------------------------------------------------------
Here's a look at my shorewall setup:
shorewall/zones:
#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
fw      firewall
road    ipv4
net     ipv4
loc     ipv4
dmz     ipv4
-----------------------------------
shorewall/interfaces:
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth2        detect      tcpflags,dhcp,routefilter,nosmurfs,logmartians,routeback
loc     br0         detect      dhcp,bridge,routeback,routefilter
dmz     eth1        detect      routeback
----------------------------------
shorewall/masq:
#INTERFACE  SOURCE  ADDRESS  PROTO  PORT(S)  IPSEC  MARK
eth2        br0
eth2        eth1
---------------------------------
Thank You,