similar to: help with a W2K VPN client 619 error and PPTP server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state table (shorewall show connections). unknown 47 420 src=XX.234.79.183 dst=XX.234.137.226 packets=2 bytes=130 [UNREPLIED] src=XX.234.137.226 dst=XX.234.79.183 packets=0 bytes=0 mark=0 use=1

Hi all, I´m running a server that frecuently needs to open a pptp session with a remote server outside my Company. This server is running behind a Shorewall firewall and I don´t find information in Shorewall web page because there is no information in the link http://www.shorewall.net/PPTP.htm#ClientsBehind Nowadays I can connect this server with the remote one but te session is closed after

Hi guys, I''m trying to setup an IPIP tunnel between a Cisco router and a firewall running Debian GNU/Linux Sarge with Shorewall 2.0.13. I''ve read and implemented the http://shorewall.net/IPIP.htm document, but I don''t understand why there should be at the same time a "tunnel" and a "tunnels" script. Shorewall still refuses to let the

Hi all! I''ve set up a Linux box with shorewall doing proxy arp as per http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non routed) example. Everything is working great except for one thing, and that leads me to my question: is there a conflict between proxy arp and pptp? I''ve set the apropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host

Good Morning Everyone, I have a server that runs Shorewall/Samba/PPTP (Poptop). When we try to connect to the PPTP server from outside of the company, the Windows XP pro client can establish the connection. We can then ping the server and the clients behind the server without any problem, but the issue becomes that we cannot map to any of the shares on the samba server or to any client for that

Hey guys I''ve been beating my head on this for a few hours. Maybe it is just a stupid configuration error you can point me at. First here is a small diagram of what I am trying to configure: http://6bit.com/img/netdiag.png Currently I only have Shorewall running on the host on the right of the diagram until I can get this working then I''ll add it to the other host as well.

Greetings List Members, I''ll firstly apologise if this isn''t the place that I should be posting this message but here goes. What I want to do is have a VPN (PPTP/IPSEC/CIPE/etc) server, but it must support more than one simultaneous connection. I currently have a PPTP VPN server setup that has port 1723 and protocol 47 DNAT''d through to the internal IP

Hi Tom, I nearly completed the test and installation related to http://www.shorewall.net/PPTP.htm. However, there is no serious problem when it is operated as it is in the general companies, but there is Client Program for MS-Window that is operated only by Public IP. So I am very concerned about it. I would like to use Internet through Gateway in (B) as local computers in (A) receive Public

Hi friends, I need help. I''ve PPTP Server running behind Shorewall. The PPTP server is working OK in my LAN, but I want to connect outside and It isn''t working. I''ve configurate shorewall like http://www.shorewall.net/PPTP.htm. I add only this lines in my rules DNAT net loc:165.182.15.15 tcp 1723 - IPext DNAT net loc:165.182.15.15 47 - - IPext It isn''t

Hi all, I have a VPN setup but it only works once in a while. It seems my firewall (shorewall 3.0.8) is blocking protocol 47. Here is what I have: eth0: internet eth2: dmz - my pptp server My entry In the rules file: pptp/ACCEPT fw dmz:192.168.253.2 My pptp macro ############################################################################### #ACTION SOURCE

Hello, Please see the following picture: http://www.wilson-kwok.com/pptp.jpg I used one to one NAT from 210.0.0.1 to 192.168.0.2 for web server, and then use port forwarding from 210.0.0.1 to 192.168.0.3 for pptp server, but I cannot connect from my home to pptp server. Here is the nat file: 210.0.0.1 eth0:2 192.168.0.2 Here is the rules

Hi, I have a very simple server setup, using shorewall as my firewall. I have a line like this at the top of my rules file to allow ssh connections, but limited to 3 connection per minute with a burst rate of 3: SSH/ACCEPT net $FW - - - - 3/min:3 - Now when I have that in place, and from a remote machine run scp server:/some/file ., I find

Hello! I configured a pptpserver on my firewall and followed the pptp-manual from Shorewall. Login via VPN to firewall (internal ip: 192.168.10.2) is ok and I can ping this server via internal ip (and use it: add samba-shares, etc.). Unfortunately I can''t connect to other hosts in my intranet (LOC). Ping from vpn-client to clients in intranet fails, although Shorewall-Log shows an

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Macklem wrote: | Tom, | | As I said in a previous mail, these rules file changes work. Thanks. | | However, I''m not sure that your firewall changes to handle the GATEWAY column in the tunnels file does work. I downloaded the most recent STABLE2 release from CVS and replaced my copy of the firewall script with the updated version

Hello everyone, I have a problem regarding gre tunneling, I have two linux box both of them has a private network and the linux A is connected to the internet via wireless radio and the other linux B is connected to the internet via lease line. Here is the setup of my two linux box Linux A eth0 = 203.189.x.1 (internet) eth1 = 192.168.1.1 (going to hub private network) Linux B eth0 = 205.198.x.1

All, With the dual-ISP support in the latest versions of Shorewall, is it also possible to setup dual-VPN with something like OpenVPN? If so, what are the high levels steps that would need to be completed? Aaron

I always used multiple links from different ISPs and in my oppinion the best way to really aggregate bandwidth is using some kind of proxy which the client connects to and distribute multiple connections to the links. Years ago, a friend of mine wrote Netsplitter: http://www.hostname.org/netsplitter/ but it''s outdated, abandoned (last version from 2002). And it was mainly written for

Any recommendations for a Linux distro to put Shorewall on top of? My main concern is to be able to use a Windows NT PPTP VPN server behind the firewall. If I remember right, there were some issues with passing GRE traffic through some versions of the Linux kernel. Are they solved now or do I still have to do some cryptic kernel patches? Experiences with that? Thanks! Tim

we have an external 2Mbit dsl connection and running on it are several gre vpn tunnels so far i''ve given priority to the vpn traffic (using htb) can i now put rules in for the tunnels to control traffic within each tunnel (that''s where our video conferencing etc runs)? or can i only control the real interface (eth1 in our setup)? if not can i somehow see the packets inside the

Hello, I reinstalled my Slackware 10.1 a few days ago, before i did that i stored all files in /etc/shorewall to an external HDD. After reinstallation was complete i installed shorewall and restored the config files i backed up before, but now if the FW is running i can´t ping the adsl modem and so i can´t connect to the internet using pptp. Note, it worked before with exactly the same