Displaying 20 results from an estimated 30000 matches similar to: "Router A Unable to Connect to Router B on VPN"
2008 Jan 08
8
Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly
Hi guys,
I'm not sure where to post for help on this one, shorewall or lvs, I'll
start with shorewall (only cause Tom is a gun at this stuff, and is polite
enough to tell me to bugger off to the LVS list if I'm posting in the wrong
one ;)
I have a single box that is my router/firewall/LVS.
Internet -- eth0 - router/firewall - eth1 --- internal lan
|
eth2
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
Hi, I am running OpenVPN where I have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go:
clienta -> vpn -> shorewall/router -> vpn ->
2009 Jun 10
6
Shorewall + IPsec Tunnel
Hi everyone!
First of all, sorry about my bad English and the e-mails extension.
I need some help to implement a VPN connection using shorewall and openswan
as IPSec Tunnel.
My network map:
CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER
(DMZ)
I have two VPN connections with two different subnets to the other end. The
two of them are correctly established.
2006 Jul 20
2
GRE over IPsec Cisco<-> Linux
Hello Lartc Mailing List:
Been working on something the last week and a half and ALMOST have it
working.., just need a few pointers from the wizards on this mailing list to
nail it.
Ok, my setup is a hub and spoke arrangement, hub is Cisco 2821 with IOS 12.4.
Spokes are ruggencom RX1000 routers, Debian based with the following versions
installed:
rx1000test:~# uname -a
Linux rx1000test
2006 Nov 30
14
My macro is flawed?
Hi all,
I have a VPN setup but it only works once in a while. It seems my firewall
(shorewall 3.0.8) is blocking protocol 47.
Here is what I have:
eth0: internet
eth2: dmz - my pptp server
My entry In the rules file:
pptp/ACCEPT fw dmz:192.168.253.2
My pptp macro
###############################################################################
#ACTION SOURCE
2005 Oct 17
3
Problem with IPComp on VPN
I've created an IPSec VPN using shorewall and racoon-tool under Debian
3.1. I'm not using the patched iptables/kernel for policy match,
therefore I'm using the tunnels/hosts config method rather than the
ipsec config file method. I'm running the latest 2.6.13 kernel.
I have no problem getting my VPN connection up and running with one
exception. Without
2004 Dec 22
15
OpenVPN and DNAT
Hello Tom and all,
Quick question: Is it possible to operate an OpenVPN server from behind
a firewall?
Is it as simple as setting it up and placing:
DNAT net loc:192.168.10.20 udp 5000 - ipaddress
--
Paul Slinski -o)
Network Administrator /\
Global IQX, Inc. _\_v
Global IQX is the leader in integrated e-business automation solutions
for the group life and health insurance
2003 Jul 09
2
router in a subnet again :)
Hi,
after migrating to shorewall firewall from my own iptables rule set (to
utilise freeswan vpn tunnels) I have successfully configured a 3 interface
firewall with net2net vpn tunnels, with the help of the shorewall
documentation. However I cannot seem to configure my final step which is to
masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get
internet access via the
2005 Jan 05
1
hosts and interfaces
interfaces:
local eth0 192.168.1.255 dhcp
golive eth1 172.30.15.255
wiredc eth2 202.37.230.127 dhcp
wave eth3 203.96.213.255
hosts:
ipsec eth2:192.168.192.0/24
rules:
DNAT wiredc local:192.168.1.3 tcp 80 -
DNAT wave local:192.168.1.3 tcp 80 -
203.96.213.73
The rules here
2013 Dec 03
5
Multiple ISP + traffic shaping = poor download speed
Hello,
Thanks for the great Shorewall which has replaced my hard to maintain home-made scripts.
First, what works.
Our local network is 10.48.X.X with multiple vlan, each on a dedicated interface. We use Shorewall 4.4.11 from Debian Squeeze.
We have a 2 ISP:
- isp1 : an optical fiber provider with 10 Mbps.
- isp2 : a DSL provider with 15Mbits/1Mbits.
We use isp2 as the default outgoing
2008 Jul 07
5
IPSEC tunnel up, but no traffic coming through
Hi all,
I finally got my IPSec tunnel from my Fedora firewall system (running
Shorewall 4.0.6) to a remote Draytek Router up-and-running, but I'm having
difficulties directing traffic through the tunnel. From the output of
"racoon -F -f racoon.conf" and the connection status page of the Draytek I
can tell the tunnel is UP, but ping and traceroute requests to several hosts
2002 Oct 16
2
VPN bridge to LAN, through Firewall
Hi, thanks for a great piece of software!
...at the moment I have a commercial VPN box, which
also acts as our firewall. I wish to replace this
firewall functionality with a dedicated Shorewall
firewall, and use the VPN box only for VPN traffic.
At the moment, this VPN/Firewall box is at an internet
visible address, x.x.x.85
I wish to make the new Shorewall firewall x.x.x.85 and
move the VPN to
2007 Dec 14
1
route_rules redirection not working
hi,
I am running shorewall 3.2.9 on Mandriva2007 with 2 ISPs. Certain
local IPs are directed to a specific ISP in route_rules, and this was
working perfectly. I had to reinstall Mandriva, and after that this
redirection is not working. My files are:
masq:
eth1 192.168.10.3 202.71.146.210
eth2 202.71.146.210 192.168.10.3
eth1 eth0 202.71.146.210
eth2 eth0 192.168.10.3
interfaces:
2005 Feb 05
4
Wireless connectivity issues
Hello,
I cannot establish Xserver connection via wireless subnet, while telnet is
working fine. There was a similar problem before in Shorewall over IPSEC
that Tom had fixed. Also, ping is working, but traceroute is not. Finally,
PuTTY gets a connectivity error after couple minutes of inactivity over
wireless when connected to the firewall/gateway.
Wireless is configured per instructions in
2004 Sep 03
7
Shorewall as a "commercial" firewall
I am considering replacing my old checkpoint and watchguard firewalls with a
single Linux box using iptables and shorewall. I have two ISP's (with
separate routing tables), two DMZ's, at least one VPN to a remote office, and
a local trusted network. The configuration will look like:
+----------------+
| |
net0 ----------+ eth1
2008 Jan 22
10
IPSEC VPN to VPN firewalling problem
Dear Shorewall Users :-)
I've been playing with shorewall for some time now - I found it really
interesting and easy tool to organise all the rules and so on (before that
I've been using simple iptables rules in shell script ;-)
Generally it's quite easy to be used, but anyway found one problem which I
cannot handle myself - or in other words - cannot find appropriate
2004 Dec 30
5
Proxy Arp
Hello Tom,
I have successfully configured proxy arp subnetting on my network with
three hosts in a Dmz.
And it works great. (using proxyarp in interfaces) I also tried this on
network below same trouble.
However for this network below I have tried to configure one host in a
Dmz (using /etc/shorewall/proxyarp) which works and comes up after I set it
up
and clear Isp's arp
2004 Dec 02
8
Ipsec and Proxy arp
I noticed the long standing Ipsec FSwan problem was fixed.
But do you still have to make sure Ipsec is not running when shorewall starts
Reason I ask Is I could not get my Dmz working with Ipsec in the equation.
Thanks
Mike
2005 Nov 21
2
shorewall status
Hi
I wonder if you can help... I have setup shorewall(2.2.3) under debian on a
machine that has 4 network ports... the idea is that there is 1 WAN port, 1
DMZ port, and 2 LAN ports, 1 LAN port has static NAT setup for selected
incoming connection from trusted sources, and the second LAN port I am
trying to setup using masq NAT as it only requires outgoing connections, no
incoming.
the static NAT
2004 Dec 28
5
Multiple IP´s in one Zone
Hi everybody
I have a Problem with Masquerading from my local net (loc) to my VPN (loc2).
I can reach every Service from loc2 in loc, but I can't get reach any
service from loc in loc2.
Has somebody an Idea where my mistake is ?
Without shorewall, it was working.
Thanks for helping
Lars
Technical Information :
Shorewall 2.0.13
Suse 9.0
*177.177.77.X The first 3 Counts are changed