Hello,

I have in /etc/shorewall/tunnels:
pptpserver net 78.60.246.96

I cannot connect from 78.60.246.96 to pptpd server running on my fw:
SRC=78.60.246.96 DST=88.x.x.x LEN=52 TOS=0x00 PREC=0x20 TTL=123 ID=28102 DF PROTO=TCP SPT=19807 DPT=1723 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1

# iptables -L -n |grep 78.60.246.96
ACCEPT 47 -- 78.60.246.96 0.0.0.0/0
ACCEPT 47 -- 0.0.0.0/0 78.60.246.96
ACCEPT tcp -- 0.0.0.0/0 78.60.246.96 tcp dpt:1723

Then I add to the rules file:
ACCEPT net:78.60.246.96 fw tcp 1723

# iptables -L -n |grep 78.60.246.96
ACCEPT 47 -- 78.60.246.96 0.0.0.0/0
ACCEPT 47 -- 0.0.0.0/0 78.60.246.96
ACCEPT tcp -- 0.0.0.0/0 78.60.246.96 tcp dpt:1723
ACCEPT tcp -- 78.60.246.96 0.0.0.0/0 tcp dpt:1723

And now I can connect. shorewall 4.5.4.

Regards,
Nerijus

On 05/29/2012 05:32 AM, Nerijus Baliunas wrote:
> Hello,
>
> I have in /etc/shorewall/tunnels:
> pptpserver net 78.60.246.96
>
> I cannot connect from 78.60.246.96 to pptpd server running on my fw:
> SRC=78.60.246.96 DST=88.x.x.x LEN=52 TOS=0x00 PREC=0x20 TTL=123 ID=28102 DF PROTO=TCP SPT=19807 DPT=1723 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1
>
> # iptables -L -n |grep 78.60.246.96
> ACCEPT 47 -- 78.60.246.96 0.0.0.0/0
> ACCEPT 47 -- 0.0.0.0/0 78.60.246.96
> ACCEPT tcp -- 0.0.0.0/0 78.60.246.96 tcp dpt:1723
>
> Then I add to the rules file:
> ACCEPT net:78.60.246.96 fw tcp 1723
>
> # iptables -L -n |grep 78.60.246.96
> ACCEPT 47 -- 78.60.246.96 0.0.0.0/0
> ACCEPT 47 -- 0.0.0.0/0 78.60.246.96
> ACCEPT tcp -- 0.0.0.0/0 78.60.246.96 tcp dpt:1723
> ACCEPT tcp -- 78.60.246.96 0.0.0.0/0 tcp dpt:1723
>
> And now I can connect. shorewall 4.5.4.

The pptpserver tunnel type was actually being configured as a pptp client. Patch attached.

patch /usr/share/shorewall/Shorewall/Tunnels.pm > PPTP.patch

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________

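Added example (not part of the thread and not Shorewall code): a check that reads `iptables -L -n` lines, as grepped in the report above, and says whether TCP 1723 is accepted from the peer (server role) or only to the peer (client role). The function name pptp_rule_role and the BEFORE/AFTER samples are constructed here from the two listings in the original post.

```shell
#!/bin/sh
# pptp_rule_role PEER
# Reads `iptables -L -n` rule lines on stdin and prints one of:
#   server - TCP 1723 is accepted FROM the peer (peer can open the control channel)
#   client - TCP 1723 is accepted only TO the peer (only we can connect out)
#   both   - rules exist in both directions
#   none   - no ACCEPT rule for TCP 1723 involving the peer
pptp_rule_role() {
    awk -v peer="$1" '
        # Columns without -v: target prot opt source destination [matches...]
        $1 == "ACCEPT" && $2 == "tcp" && /dpt:1723( |$)/ {
            if ($4 == peer) inbound = 1
            if ($5 == peer) outbound = 1
        }
        END {
            if (inbound && outbound) print "both"
            else if (inbound)        print "server"
            else if (outbound)       print "client"
            else                     print "none"
        }'
}

# Constructed samples: the listing before and after the manual rule was added.
BEFORE='ACCEPT 47 -- 78.60.246.96 0.0.0.0/0
ACCEPT 47 -- 0.0.0.0/0 78.60.246.96
ACCEPT tcp -- 0.0.0.0/0 78.60.246.96 tcp dpt:1723'
AFTER="$BEFORE
ACCEPT tcp -- 78.60.246.96 0.0.0.0/0 tcp dpt:1723"

printf '%s\n' "$BEFORE" | pptp_rule_role 78.60.246.96
printf '%s\n' "$AFTER"  | pptp_rule_role 78.60.246.96
```

On a live firewall the same check is `iptables -L -n | pptp_rule_role 78.60.246.96`; a result of "client" on the host that runs pptpd matches the symptom reported here.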
On 05/29/2012 06:46 AM, Tom Eastep wrote:
>
> The pptpserver tunnel type was actually being configured as a pptp
> client. Patch attached.
>
> patch /usr/share/shorewall/Shorewall/Tunnels.pm > PPTP.patch
>

patch /usr/share/shorewall/Shorewall/Tunnels.pm < PPTP.patch

-Tom

On Tue, 29 May 2012 07:12:03 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> patch /usr/share/shorewall/Shorewall/Tunnels.pm < PPTP.patch

In my case it was
patch /usr/share/perl5/vendor_perl/Shorewall/Tunnels.pm < PPTP.patch
(Fedora 16) and yes, it works, thanks!

Regards,
Nerijus

On 5/29/12 1:17 PM, Nerijus Baliunas wrote:
> On Tue, 29 May 2012 07:12:03 -0700 Tom Eastep <teastep@shorewall.net> wrote:
>
>> patch /usr/share/shorewall/Shorewall/Tunnels.pm < PPTP.patch
>
> In my case it was
> patch /usr/share/perl5/vendor_perl/Shorewall/Tunnels.pm < PPTP.patch
> (Fedora 16) and yes, it works, thanks!

Thanks. I guess I need to start giving instructions like:

. ./.shorewallrc
patch ${PERLLIBDIR}/Shorewall/....

-Tom