Hi, I am trying to connect from 10.64.64.6 on the openvpn, to 10.32.64.13 on the local lan, and neither that, nor even pinging 10.64.64.1 (the vpn server, which is also the shorewall box), returns. It says destination unreachable.

Attached is the shorewall dump file.

Any insight would be great.

Andrew Stevens wrote:
> Hi I am trying to connect from 10.64.64.6 on the openvpn, to
> 10.32.64.13 on the local lan, and neither that, nor even pinging
> 10.64.64.1 (the vpn server, which is also the shorewall box), returns.
> says destination unreachable.

You are not accepting any connections from vpn->loc and you are not accepting ping from vpn->fw. In both cases, the applicable policy is REJECT and the only relevant rule is to accept SSH from vpn->fw. Your firewall is doing exactly what you have told it to.

It would be useful if you would set LOGFILE to point to ulogd's log; that way, "shorewall show log" would have shown you what was being rejected and a quick look at Shorewall FAQ 17 would have explained why.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Tuesday, July 28, 2009 10:18 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] FW: issue with shorewall and vpn

[snip]

It would be useful if you would set LOGFILE to point to ulogd's log; that way, "shorewall show log" would have shown you what was being rejected and a quick look at Shorewall FAQ 17 would have explained why.

[snip]

hi, tom,

as a linux newbie, that sounds great, but i have no idea how to do this. sure would like to for future troubleshooting (everything's working fine, AFAIK, on my present installation). so for me and all the other dummies out there, can you expand on this suggestion or point us to a relevant resource?

once again, thanks for all the hard work you've put into this project.

--cz

Chris J. Zahller wrote:
> -----Original Message-----
> From: Tom Eastep [mailto:teastep@shorewall.net]
> Sent: Tuesday, July 28, 2009 10:18 AM
> To: Shorewall Users
> Subject: Re: [Shorewall-users] FW: issue with shorewall and vpn
>
> [snip]
>
> It would be useful if you would set LOGFILE to point to ulogd's log;
> that way, "shorewall show log" would have shown you what was being
> rejected and a quick look at Shorewall FAQ 17 would have explained why.
>
> [snip]
>
> hi, tom,
>
> as a linux newbie, that sounds great, but i have no idea how to do this.
> sure would like to for future troubleshooting (everything's working fine,
> AFAIK, on my present installation). so for me and all the other dummies out
> there, can you expand on this suggestion or point us to a relevant resource?

man shorewall.conf

or

go to www.shorewall.net and type LOGFILE in the search form in the upper right corner.

The Shorewall Documentation article that deals with logging in general is http://www.shorewall.net/shorewall_logging.html.

A web page that every Shorewall user should bookmark is http://www.shorewall.net/Documentation_Index.html. That page gives an alphabetical index of the Shorewall documentation.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
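
How the two rejected connections from this thread would appear in the firewall log, and how to tally such entries by chain, as an added Python example that is not part of the original messages. The log lines are constructed; the chain names vpn2fw and vpn2loc, the interfaces tun0/eth1, the host name and port 80 are assumptions, using Shorewall's default "Shorewall:chain:disposition:" log prefix.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from the poster's dump). Chain names,
# interface names, host name and the TCP port are assumptions.
SAMPLE_LOG = """\
Jul 28 10:01:12 gw Shorewall:vpn2fw:REJECT:IN=tun0 OUT= SRC=10.64.64.6 DST=10.64.64.1 LEN=84 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Jul 28 10:01:13 gw Shorewall:vpn2fw:REJECT:IN=tun0 OUT= SRC=10.64.64.6 DST=10.64.64.1 LEN=84 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=2
Jul 28 10:01:20 gw Shorewall:vpn2loc:REJECT:IN=tun0 OUT=eth1 SRC=10.64.64.6 DST=10.32.64.13 LEN=60 TTL=63 ID=5805 DF PROTO=TCP SPT=40112 DPT=80 SYN URGP=0
Jul 28 10:01:25 gw sshd[811]: Accepted publickey for admin from 10.64.64.6 port 40120 ssh2
"""

# "Shorewall:<chain>:<disposition>:" followed by the netfilter key=value fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[A-Z]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the fields of one Shorewall log entry, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    entry = {"chain": m["chain"], "disposition": m["disposition"]}
    for key, value in FIELD.findall(m["rest"]):
        entry.setdefault(key, value)  # keep the first ID= (IP header), not the ICMP one
    # An empty OUT= means the packet was addressed to the firewall itself.
    entry["to_firewall"] = entry.get("OUT", "") == ""
    return entry

def summarize(log_text):
    """Count rejected/dropped flows by (chain, disposition, src, dst, service)."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e["disposition"] not in ("REJECT", "DROP"):
            continue
        proto = e.get("PROTO", "?")
        service = f"{proto}/{e['DPT']}" if "DPT" in e else f"{proto} type {e.get('TYPE', '?')}"
        counts[(e["chain"], e["disposition"], e.get("SRC"), e.get("DST"), service)] += 1
    return counts

if __name__ == "__main__":
    for (chain, disp, src, dst, service), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}x {disp} in chain {chain}: {src} -> {dst} {service}")
```

The chain field names the zone pair whose policy or rule logged the packet, which is what points back to the missing vpn->fw and vpn->loc rules.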