Hi everybody, I am having this problem.

I have 2 adsl in my firewall
adsl1 - eth1
adsl2 - eth2
lan   - eth0 192.168.10.0/24

and shorewall.

Now I have installed pptpd in my firewall and it works.
My client connects without problem and can access local servers, also I can ssh to my FW.

The problem is that once connected to the vpn they can not access internet.
Here is my conf:

etc/pptpd.conf
-------------------
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.10.80-89
remoteip 192.168.10.90-99


Shorewall
----------
interfaces
#ZONE   INTERFACE   OPTIONS
loc     eth0
net     ppp0
net     ppp1
vpn     ppp+


zones
#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4

rules
#VPN
ACCEPT  net     $FW     tcp     1723
ACCEPT  vpn     $FW     tcp     22
ACCEPT  vpn     net     tcp     http,https
ACCEPT  vpn     net     udp     53


tunnels
#TYPE       ZONE    GATEWAY(S)  GATEWAY
#                               ZONE(S)
pptpserver  net     0.0.0.0/0


masq
#INTERFACE:DEST   SOURCE            ADDRESS   PROTO   PORT(S)   IPSEC   MARK   USER/   SWITCH
#                                                                               GROUP
ppp1              192.168.10.0/24
ppp0              192.168.10.0/24
ppp+              192.168.10.0/24


I don't know what I am doing wrong.

Any idea?

Really thanks

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
I have this in my log:

Sep 6 15:42:17 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp1 SRC=192.168.10.90 DST=200.40.30.245 LEN=70 TOS=0x00 PREC=0x00 TTL=254 ID=34532 PROTO=UDP SPT=54024 DPT=53 LEN=50

ppp2 = pptp
ppp1 is one of my adsl

On Thu, Sep 6, 2012 at 12:53 PM, Nico Pagliaro <nicopag@gmail.com> wrote:
Hi,

Might be wrong, but add a zone also to tunnels?

tunnels
#TYPE       ZONE    GATEWAY(S)  GATEWAY
#                               ZONE(S)
pptpserver  net     0.0.0.0/0

On 6 September 2012 18:58, Nico Pagliaro <nicopag@gmail.com> wrote:

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
My bad...getting tired...

I meant gateway. :)

Apologies.

On 6 September 2012 19:19, Gábor Majoros <mersaint@gmail.com> wrote:
Gabor, I don't understand you.
I have enabled this in sysctl.conf:

net.ipv4.ip_forward = 1

but I did not restart yet. Perhaps this fixes this problem.

On Thu, Sep 6, 2012 at 3:25 PM, Gábor Majoros <mersaint@gmail.com> wrote:
You can enable it without restart:

echo 1 > /proc/sys/net/ipv4/ip_forward

T.Bogdan
SysAdmin
tbogdan<.a|t.>direkt.ro
-------------------
www.direkt.ro
www.first-car.ro

On 06-09-12 9:42 PM, Nico Pagliaro wrote:
sysctl net.ipv4.ip_forward tells you:

root@grpgw:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

On 6 September 2012 19:42, Nico Pagliaro <nicopag@gmail.com> wrote:
Here is my conf:

#TYPE       ZONE    GATEWAY     GATEWAY
#                               ZONE
pptpserver  net     0.0.0.0/0   ppgrp

works more or less. Some sites do not load (net bank :) ) but generally at least some works.

On 6 September 2012 19:55, Gábor Majoros <mersaint@gmail.com> wrote:
See HINT comment

Bogdan T.
SysAdmin
tbogdan<.a|t.>direkt.ro
----------------------------
www.direkt.ro
www.first-car.ro

On 06-09-12 6:53 PM, Nico Pagliaro wrote:
> interfaces
> #ZONE   INTERFACE   OPTIONS
> loc     eth0
> net     ppp0
> net     ppp1
> vpn     ppp+

*HINT* you can make also something like this

loc     ppp+

as replacement for

vpn     ppp+
the same
i have this in the log

Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=9 ID=28511 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2194
Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=10 ID=629 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2195
Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=11 ID=30775 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2196
Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=12 ID=13589 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2197
Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=13 ID=23363 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2198
Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=14 ID=29285 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2199
Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=15 ID=40304 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2200
Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=16 ID=25355 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2201
Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=17 ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202

ppp2 = pptp
ppp0 adsl1
192.168.10.90 is me outside connected to the vpn

On Thu, Sep 6, 2012 at 4:01 PM, DanyD <danyd@direkt.ro> wrote:
> See HINT comment
>
> Bogdan T.
> SysAdmin
> tbogdan<.a|t.>direkt.ro
> ----------------------------
> www.direkt.ro
> www.first-car.ro
>
> On 06-09-12 6:53 PM, Nico Pagliaro wrote:
> > interfaces
> > #ZONE INTERFACE OPTIONS
> > loc eth0
> > net ppp0
> > net ppp1
> > vpn ppp+
>
> *HINT*
> you can make also something like this
>
> loc ppp+
> as replacement for
> vpn ppp+
but ppgrp was replaced with vpn right? as it's your ppp+ if.

On 6 September 2012 20:12, Nico Pagliaro <nicopag@gmail.com> wrote:
> the same
> i have this in the log
> Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
> [...]
>
> ppp2 = pptp
> ppp0 adsl1
> 192.168.10.90 is me outside connected to the vpn
Sorry, I don't understand you

On Thu, Sep 6, 2012 at 4:51 PM, Gábor Majoros <mersaint@gmail.com> wrote:
> but ppgrp was replaced with vpn right? as it's your ppp+ if.
On 06-09-12 11:05 PM, Nico Pagliaro wrote:
> Sorry, I don't understand you
>
> On Thu, Sep 6, 2012 at 4:51 PM, Gábor Majoros <mersaint@gmail.com> wrote:
> > but ppgrp was replaced with vpn right? as it's your ppp+ if.

HTTP protocol is working for you?
I don't see the ping as a rule, something like:

Ping(ACCEPT):info vpn ppp0

Please provide more info about your configs, not parts of it, if you want us to help you

Bogdan T.
SysAdmin
tbogdan<.a|t.>direkt.ro
----------------------------
www.direkt.ro
www.first-car.ro
I don't have a rule for ping but yes for http. In my first post is that info.
Why do you think I need ping?

rules
#VPN
ACCEPT net $FW tcp 1723
ACCEPT vpn $FW tcp 22
ACCEPT vpn net tcp http,https
ACCEPT vpn net udp 53

On Thursday, 6 September 2012, DanyD wrote:
> HTTP protocol is working for you?
> I don't see the ping as a rule, something like:
>
> Ping(ACCEPT):info vpn ppp0
>
> Please provide more info about your configs, not parts of it, if you want us to help you
On 9/6/12 12:12 PM, Nico Pagliaro wrote:
> the same
> i have this in the log
> Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
> [...]
> Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=17 ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202

You need the 'routeback' option on the ppp+ entry in /etc/shorewall/interfaces.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
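The log lines in this thread and Tom's answer fit together once you know how Shorewall treats a wildcard interface: ppp0, ppp1 and ppp2 all match the ppp+ entry, so a packet that arrives on ppp2 and leaves on ppp0 is, from the wildcard's point of view, being routed back out the interface it came in on, and without 'routeback' the sfilter chain drops it (that reading of the drop is the editor's, based on Tom's reply). The script below is an added example, not code from the thread or from Shorewall; it parses kernel log lines of the form posted above, parses the interfaces file, and names the wildcard entry whose missing 'routeback' explains each sfilter DROP. The interfaces text is reconstructed from the original post, the first two log lines are copied from the thread, and the third log line (a net-fw policy drop with RFC 5737 addresses) is constructed to show a drop the check correctly leaves alone.

```python
"""Explain Shorewall sfilter DROPs from kernel log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Shorewall log prefix: "Shorewall:<chain>:<disposition>:" followed by KEY=VALUE pairs.
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)")


@dataclass
class Iface:
    zone: str
    name: str
    options: Set[str] = field(default_factory=set)

    def is_wildcard(self) -> bool:
        return self.name.endswith("+")

    def matches(self, dev: str) -> bool:
        # A trailing '+' matches any device with that prefix (iptables semantics).
        if self.is_wildcard():
            return dev.startswith(self.name[:-1])
        return dev == self.name


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Split a kernel log line into chain, disposition and its KEY=VALUE fields."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {"chain": m.group("chain"), "disp": m.group("disp")}
    for key, val in re.findall(r"(\w+)=(\S*)", m.group("rest")):
        # ID= and LEN= repeat on ICMP/UDP lines; keep the outer IP header value (first).
        fields.setdefault(key, val)
    return fields


def parse_interfaces(text: str) -> List[Iface]:
    """Parse /etc/shorewall/interfaces in either the 3- or the 4-column layout."""
    ifaces = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        options: Set[str] = set()
        # Options are the last column; a lone '-' or 'detect' is the old BROADCAST column.
        if len(parts) >= 3 and parts[-1] not in ("-", "detect"):
            options = set(parts[-1].split(","))
        ifaces.append(Iface(parts[0], parts[1], options))
    return ifaces


def explain_sfilter_drop(fields: Dict[str, str], ifaces: List[Iface]) -> Optional[Iface]:
    """Return the wildcard entry matching both IN and OUT that lacks routeback, else None."""
    if fields.get("chain") != "sfilter" or fields.get("disp") != "DROP":
        return None
    dev_in, dev_out = fields.get("IN", ""), fields.get("OUT", "")
    for e in ifaces:
        if e.is_wildcard() and e.matches(dev_in) and e.matches(dev_out) \
                and "routeback" not in e.options:
            return e
    return None


def diagnose(log_lines: List[str], interfaces_text: str):
    """Per log line: (IN, OUT, PROTO, name of the entry to blame or None)."""
    ifaces = parse_interfaces(interfaces_text)
    report = []
    for line in log_lines:
        f = parse_log_line(line)
        if f is None:
            continue
        culprit = explain_sfilter_drop(f, ifaces)
        report.append((f.get("IN", ""), f.get("OUT", ""), f.get("PROTO"),
                       culprit.name if culprit else None))
    return report


# Reconstructed from the interfaces file in the original post.
INTERFACES_BEFORE = """\
#ZONE   INTERFACE   OPTIONS
loc     eth0
net     ppp0
net     ppp1
vpn     ppp+
"""
# The same file with Tom's fix applied.
INTERFACES_AFTER = """\
#ZONE   INTERFACE   OPTIONS
loc     eth0
net     ppp0
net     ppp1
vpn     ppp+        routeback
"""

SAMPLE_LOG = [
    # Two lines as posted in the thread (ICMP leaving via ppp0, DNS leaving via ppp1).
    "Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 "
    "DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193",
    "Sep 6 15:42:17 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp1 SRC=192.168.10.90 "
    "DST=200.40.30.245 LEN=70 TOS=0x00 PREC=0x00 TTL=254 ID=34532 PROTO=UDP SPT=54024 DPT=53 LEN=50",
    # Constructed: an ordinary policy drop on the net interface, unrelated to routeback.
    "Sep 6 16:57:01 localhost kernel: Shorewall:net-fw:DROP:IN=ppp0 OUT= SRC=203.0.113.9 "
    "DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=TCP SPT=4444 DPT=23",
]

if __name__ == "__main__":
    for row in diagnose(SAMPLE_LOG, INTERFACES_BEFORE):
        print(row)
    print("after adding routeback:", diagnose(SAMPLE_LOG, INTERFACES_AFTER))
```

Run against the file as posted, the two sfilter lines are attributed to the ppp+ entry and the net-fw line is not; with 'routeback' added to ppp+ nothing is attributed, which is the state Tom's fix aims for. Removing the 'vpn ppp+' entry would make the check silent as well, so a quiet run is only meaningful together with the configuration it was run against.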
I try it with no luck

On Thursday, 6 September 2012, Tom Eastep wrote:
> You need the 'routeback' option on the ppp+ entry in
> /etc/shorewall/interfaces.
>
> -Tom
Strange, I remember that did not work for me. Checked, and it still does not work... (I commented out my masq line for the test.)

And I realized my solution was in /etc/shorewall/masq:

#INTERFACE   SOURCE          ADDRESS   PROTO   PORT(S)   IPSEC
eth0         10.10.0.0/24    (vpn users range)

However, google, gmail, etc. work, but some www sites do not (most are https, but I also use gmail via https only).

You meant like this, I suppose:

#ZONE   INTERFACE   BROADCAST   OPTIONS
loc     ppp+        -           routeback

On 6 September 2012 22:21, Tom Eastep <teastep@shorewall.net> wrote:
> On 9/6/12 12:12 PM, Nico Pagliaro wrote:
> > the same
> > i have this in the log
> > [...]
>
> You need the 'routeback' option on the ppp+ entry in /etc/shorewall/interfaces.
>
> -Tom
Try the masq line I sent.

Sorry, for me that was the trick. I just did not realize it...

On 6 September 2012 22:40, Nico Pagliaro <nicopag@gmail.com> wrote:
> I try it with no luck
>
> On Thursday, 6 September 2012, Tom Eastep wrote:
>> On 9/6/12 12:12 PM, Nico Pagliaro wrote:
>> > the same
>> > i have this in the log
>> > [...]
>>
>> You need the 'routeback' option on the ppp+ entry in /etc/shorewall/interfaces.
>>
>> -Tom
I think I am doing something wrong. I will try to explain my conf again (sorry about my English).

My box has shorewall installed with 2 ADSL and pptpd:

ppp0 - ADSL connection (I use this only for VoIP). This is on eth1
ppp1 - ADSL connection. Internet traffic. This is on eth2
eth0 - LAN - 192.168.10.0/24

IFCONFIG
----------------
eth0      Link encap:Ethernet  HWaddr 00:14:85:AB:93:84
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 90:F6:52:03:A0:B6
          inet6 addr: fe80::92f6:52ff:fe03:a0b6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:01:02:E8:6D:6F
          inet6 addr: fe80::201:2ff:fee8:6d6f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0      Link encap:Point-to-Point Protocol
          inet addr:186.48.234.250  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp1      Link encap:Point-to-Point Protocol
          inet addr:186.48.226.199  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp2      Link encap:Point-to-Point Protocol
          inet addr:192.168.10.80  P-t-P:192.168.10.90  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1

PPTPD CONF
--------------------
localip 192.168.10.80-89
remoteip 192.168.10.90-99

SHOREWALL CONF
---------------------------------

interfaces
==========
FORMAT 2
###############################################################################
#ZONE   INTERFACE   OPTIONS
loc     eth0
net     ppp0
net     ppp1
vpn     ppp2        routeback

zones
=====
#ZONE   TYPE       OPTIONS   IN        OUT
#                            OPTIONS   OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4

masq
====
#INTERFACE:DEST   SOURCE            ADDRESS   PROTO   PORT(S)   IPSEC   MARK   USER/   SWITCH
#                                                                              GROUP
eth0              192.168.10.0/24
ppp1              192.168.10.0/24
ppp0              192.168.10.0/24
ppp2              192.168.10.0/24

rules
=====
#VPN
ACCEPT   net   $FW   tcp    1723
ACCEPT   vpn   $FW   tcp    22
ACCEPT   vpn   net   tcp    http,https,53
ACCEPT   vpn   net   udp    53
ACCEPT   vpn   net   icmp   echo-request
ACCEPT   vpn   loc   all

tunnels
=======
#TYPE        ZONE   GATEWAY(S)   GATEWAY
#                                ZONE(S)
pptpserver   net    0.0.0.0/0

I can access every server on my LAN, but no outside traffic.

For example, I have this when I am doing a PING, but with 100% LOSS:

Sep 7 10:31:06 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=48597 PROTO=ICMP TYPE=8 CODE=0 ID=152 SEQ=457
Sep 7 10:31:07 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=1 ID=1268 PROTO=ICMP TYPE=8 CODE=0 ID=172 SEQ=2272

Thanks

On Thu, Sep 6, 2012 at 6:45 PM, Gábor Majoros <mersaint@gmail.com> wrote:
> Try the masq line I sent.
>
> Sorry for me that was the trick. Just did not realized...
> [...]
I FOUND IT!!!
I forgot the COPY in the providers!!!
Thanks for everything.
Now the providers file is like this:

#NAME      NUMBER   MARK   DUPLICATE   INTERFACE   GATEWAY   OPTIONS   COPY
voip       1        1      main        ppp0        detect    track     eth0,ppp2
internet   2        2      main        ppp1        detect    track     eth0,ppp2

On Fri, Sep 7, 2012 at 9:45 AM, Nico Pagliaro <nicopag@gmail.com> wrote:
> I think I am doing something wrong.
> I will try to explain my conf again (sorry about my english)
> [...]
> I can access every server in my LAN, but no outside traffic
> [...]
:D How sweet when you figure it out on your own, hey? :)

On 7 September 2012 14:15, Nico Pagliaro <nicopag@gmail.com> wrote:
> I FOUND IT!!!
> I forget to COPY in the providers!!!
> Thanks for everything
> Now the providers is like this:
>
> #NAME      NUMBER   MARK   DUPLICATE   INTERFACE   GATEWAY   OPTIONS   COPY
> voip       1        1      main        ppp0        detect    track     eth0,ppp2
> internet   2        2      main        ppp1        detect    track     eth0,ppp2
> [...]
On 9/7/12 6:15 AM, Nico Pagliaro wrote:
> I FOUND IT!!!
> I forgot the COPY in the providers!!!
> Thanks for everything
> Now the providers is like this:
>
> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
> voip 1 1 main ppp0 detect track eth0,ppp2
> internet 2 2 main ppp1 detect track eth0,ppp2
>

You may want to consider this configuration:

shorewall.conf:

USE_DEFAULT_RT=Yes

providers:

#NAME NUM MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
voip 1 1 - ppp0 - track -
internet 2 2 - ppp1 - track -

With your current configuration, if the VPN link goes down and comes back up, you have to restart Shorewall to get things working again.

Also, you can get rid of the 'masq' entries for eth0 and ppp2.

If you decide to try this configuration, use 'shorewall stop; shorewall start' to install it.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Tom, thanks for your reply.
I use tcrules to redirect traffic.
With that conf can I use tcrules also?

On Fri, Sep 7, 2012 at 10:34 AM, Tom Eastep <teastep@shorewall.net> wrote:
> On 9/7/12 6:15 AM, Nico Pagliaro wrote:
> > I FOUND IT!!!
> > I forgot the COPY in the providers!!!
> > Thanks for everything
> > Now the providers is like this:
> >
> > #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
> > voip 1 1 main ppp0 detect track eth0,ppp2
> > internet 2 2 main ppp1 detect track eth0,ppp2
>
> You may want to consider this configuration:
>
> shorewall.conf:
>
> USE_DEFAULT_RT=Yes
>
> providers:
>
> #NAME NUM MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
> voip 1 1 - ppp0 - track -
> internet 2 2 - ppp1 - track -
>
> With your current configuration, if the VPN link goes down and comes
> back up, you have to restart Shorewall to get things working again.
>
> Also, you can get rid of the 'masq' entries for eth0 and ppp2.
>
> If you decide to try this configuration, use 'shorewall stop; shorewall
> start' to install it.
>
> -Tom
On 9/7/12 6:48 AM, Nico Pagliaro wrote:
> Tom, thanks for your reply.
> I use tcrules to redirect traffic.
> With that conf can I use tcrules also?

Yes.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________