https://qa.mandrakesoft.com/show_bug.cgi?id=1293
------- Additional Comments From [EMAIL PROTECTED] 2003-02-23 17:43 -------

This bug is still present in 9.1rc1. Starting the firewall from Mandrake control center breaks ADSL PPTP (ppp0 is not included in any zone, so it is blocked by default).

Moreover, stopping the firewall then reconnecting to ADSL fails because there are some pptp & pppd processes remaining. So ADSL connection should first kill spurious pptp/pppd processes before launching new ones.

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: RESOLVED
creation_date:
description:

- ADSL PPTP works like a charm until drakgw is configured; basically the same issues as in 9.0: iptables(/shorewall) breaks the ADSL connexion.

Symptoms:

PING 10.0.0.138 [ADSL device]
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

In logs:

dhcpd: send_packet: Operation not permitted

When doing an iptables stop, I can relaunch the internet connexion properly, but of course no IP forwarding is available.

I had a quick look at how shorewall works.
So far I could make ADSL + IP forwarding (drakgw) work by changing the following configuration files:

BTW The structure of the network is as follows:
___________________________________

Internet
   ^
   |
   v
ADSL device (pptp) on 10.0.0.138
   ^
   | ppp0 through eth0 (ethernet link)
   |
   v
[ Machine 1: 10.0.0.1 on eth0
             192.168.0.1 on eth1
             dynamic IP on ppp0 ]
eth1 <-> HUB (local network on 192.168.0)
____________________________________

Modified configuration files:

1) /etc/shorewall/interfaces
------------------------------
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     ppp0        detect
masq    eth0        detect
loc     eth1        detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

2) /etc/shorewall/masq
-------------------------
#INTERFACE   SUBNET   ADDRESS
ppp0         eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

3) /etc/shorewall/policy
--------------------------
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
masq      net    ACCEPT
loc       net    ACCEPT
fw        net    ACCEPT
net       all    DROP     info
all       all    ACCEPT   info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

4) Also added:
----------------
CLAMPMSS=Yes

to shorewall.conf (I read it's recommended with ADSL connexions, but I don't know the real impact)

Note: this configuration might be a bit permissive, and certainly can be improved, but it works, at least with the configuration shown above.

By the way, when trying to configure drakgw through drakconf (automatic), I get the following messages. The "unknown interface" error is when shorewall restarts with 192.168.0.0/255.255.255.0 in /etc/shorewall/masq (this is the autogenerated value).
________
Error: Unknown interface 192.168.0.0/255.255.255.0
/sbin/service: line 148: 2889 Terminated $debug $servicedir/$service $options
Arrêt de dhcpd : [ OK ]
Arrêt de named : [ OK ]
Error: Unknown interface 192.168.0.0/255.255.255.0
Error: Unknown interface 192.168.0.0/255.255.255.0
________
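
The three failure modes in this report (an interface that is in no zone, a masq entry that names no known interface, and the catch-all ACCEPT policy the reporter calls "a bit permissive") can be checked before the firewall is restarted. The following is an added example, not part of the bug report and not Shorewall or drakgw code; `rows` and `lint` are hypothetical helpers, and the autogenerated masq line is constructed on the assumption that the reported value sits in the INTERFACE column.

```python
# Added example: constructed lint for the Shorewall tables quoted in this report.
INTERFACES = """\
#ZONE INTERFACE BROADCAST OPTIONS
net   ppp0      detect
masq  eth0      detect
loc   eth1      detect
"""
MASQ = "#INTERFACE SUBNET ADDRESS\nppp0 eth1\n"
# Constructed: the autogenerated value placed in the INTERFACE column (assumption).
MASQ_AUTOGEN = "#INTERFACE SUBNET ADDRESS\n192.168.0.0/255.255.255.0 eth1\n"
POLICY = """\
#SOURCE DEST POLICY LOG LEVEL
masq    net  ACCEPT
loc     net  ACCEPT
fw      net  ACCEPT
net     all  DROP   info
all     all  ACCEPT info
"""

def rows(text):
    """Yield the columns of each line, ignoring comments and blank lines."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols

def lint(interfaces, masq, policy, live_ifaces):
    """Return a list of findings for the three tables."""
    zone_of = {r[1]: r[0] for r in rows(interfaces) if len(r) >= 2}
    zones = set(zone_of.values()) | {"fw", "all"}
    out = []
    # An interface that carries traffic but has no zone is blocked by default.
    out += [f"interfaces: {i} is in no zone" for i in live_ifaces if i not in zone_of]
    # The masq INTERFACE column must name an interface listed in interfaces.
    out += [f"masq: unknown interface {r[0]}" for r in rows(masq) if r[0] not in zone_of]
    for r in rows(policy):
        if len(r) < 3:
            out.append(f"policy: malformed row {' '.join(r)}")
            continue
        src, dst, action = r[:3]
        out += [f"policy: undefined zone {z}" for z in (src, dst) if z not in zones]
        if (src, dst) == ("all", "all") and action == "ACCEPT":
            out.append("policy: catch-all 'all all' is ACCEPT")
    return out

if __name__ == "__main__":
    for finding in lint(INTERFACES, MASQ_AUTOGEN, POLICY, ["ppp0", "eth0", "eth1"]):
        print(finding)
```

Run against the reporter's working files, only the catch-all policy is flagged; with the constructed autogenerated masq line, the unknown-interface finding appears as well.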
