https://qa.mandrakesoft.com/show_bug.cgi?id=1293





------- Additional Comments From [EMAIL PROTECTED]  2003-02-23 18:37 -------
antoine wrote:

Doesn't work in RC1 but seems to be fixed with the following packages in
Cooker:

drakxtools-9.1-4mdk
shorewall-1.3-14mdk




------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: RESOLVED
creation_date: 
description: 
- ADSL PPTP works like a charm until drakgw is configured; basically the same
issues as in 9.0: iptables(/shorewall) breaks the ADSL connection.

Symptoms:
PING 10.0.0.138 [ADSL device]
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

In logs:
dhcpd: send_packet: Operation not permitted

When doing an iptables stop, I can relaunch the internet connection properly, but
of course no IP forwarding is available.

I had a quick look at how shorewall works. So far I could make ADSL + IP
forwarding (drakgw) work by changing the following configuration files:

BTW The structure of the network is as follows:

___________________________________

Internet
 ^
 |
 v
ADSL device (pptp) on 10.0.0.138
 ^
 | ppp0 through eth0 (ethernet link)
 |
 v
[ Machine 1:
 10.0.0.1 on eth0
 192.168.0.1 on eth1
 dynamic IP on ppp0]
eth1  <->  HUB (local network on 192.168.0)

____________________________________


Modified configuration files:

1) /etc/shorewall/interfaces
------------------------------

#ZONE    INTERFACE      BROADCAST       OPTIONS
net     ppp0    detect
masq    eth0    detect
loc     eth1    detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

2) /etc/shorewall/masq
-------------------------

#INTERFACE              SUBNET          ADDRESS
ppp0    eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

3) /etc/shorewall/policy
--------------------------

#SOURCE         DEST            POLICY          LOG LEVEL LIMIT:BURST
masq    net     ACCEPT
loc     net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     ACCEPT  info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

4) Also added:
----------------
CLAMPMSS=Yes

to shorewall.conf (I read it's recommended with ADSL connections, but I don't
know the real impact)

Note: this configuration might be a bit permissive, and certainly can be
improved, but it works, at least with the configuration shown above.

By the way, when trying to configure drakgw through drakconf (automatic), I get
the following messages. The "unknown interface" error occurs when shorewall restarts
with 192.168.0.0/255.255.255.0 in /etc/shorewall/masq (this is the autogenerated value).

________

   Error: Unknown interface 192.168.0.0/255.255.255.0
   /sbin/service: line 148:  2889 Terminated              $debug $servicedir/$service $options
   Arrêt de dhcpd :                                                [  OK  ]
   Arrêt de named :                                                [  OK  ]
   Error: Unknown interface 192.168.0.0/255.255.255.0
   Error: Unknown interface 192.168.0.0/255.255.255.0

________
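
An added example, not part of the bug report or of Shorewall itself: a small audit that resolves the reporter's interfaces and policy files into the effective policy per zone pair, to show exactly what the trailing `all all ACCEPT` line admits. It assumes the policy file is evaluated first match wins, that `all` covers every zone including `fw`, and it does not model intra-zone traffic; the function names are hypothetical.

```python
from itertools import permutations

# Sample input: the interfaces and policy entries quoted in the report above.
INTERFACES = """\
#ZONE    INTERFACE      BROADCAST       OPTIONS
net     ppp0    detect
masq    eth0    detect
loc     eth1    detect
"""
POLICY = """\
#SOURCE         DEST            POLICY          LOG LEVEL LIMIT:BURST
masq    net     ACCEPT
loc     net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     ACCEPT  info
"""

def rows(text):
    """Yield whitespace-split fields of non-blank, non-comment lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def effective_policy(interfaces, policy, fw_zone="fw"):
    """Map each (source, dest) zone pair to (policy, matched rule text)."""
    zones = [r[0] for r in rows(interfaces)] + [fw_zone]
    rules = [(r[0], r[1], r[2].upper()) for r in rows(policy)]
    result = {}
    for src, dst in permutations(zones, 2):
        for rs, rd, action in rules:  # assumption: first matching line wins
            if rs in (src, "all") and rd in (dst, "all"):
                result[(src, dst)] = (action, f"{rs} {rd}")
                break
        else:
            result[(src, dst)] = ("UNMATCHED", None)
    return result

def accepted_by_wildcard(table):
    """Pairs that are ACCEPT only because a rule containing 'all' matched."""
    return sorted(p for p, (act, rule) in table.items()
                  if act == "ACCEPT" and "all" in rule.split())

if __name__ == "__main__":
    table = effective_policy(INTERFACES, POLICY)
    for src, dst in accepted_by_wildcard(table):
        print(f"{src:5} -> {dst:5} ACCEPT via catch-all")
```

Traffic from `net` is dropped by the `net all DROP` line, but every other pair that is not listed explicitly, including `masq` to `fw` and `loc` to `fw`, falls through to the catch-all ACCEPT; replacing that last line with a REJECT or DROP default and adding explicit ACCEPT lines for the needed pairs narrows it.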
