Tom Eastep wrote:
> Sergio A. Kessler wrote:
>> hi tom,
>>
>> Tom Eastep wrote:
>>> Sergio A. Kessler wrote:
>>>
I also tried with:
# cat /etc/shorewall/masq
###
#INTERFACE SUBNET A
Tom Eastep wrote:
>
> If you load the kernel pptp helper modules (ipt_conntract_pptp and
> ipt_nat_pptp), you won't need the masq entry (or that's my understanding
> -- I haven't tried it).
I got the module names wrong -- should be:
ip_conntrack_pptp
ip_nat_pptp
-Tom
--
Tom Eastep\ Nothin
Tom Eastep wrote:
> It is working exactly as you *should* expect. The problem is that the
> server is sending GRE packets before the client. Normally, that is not a
> problem because all outbound traffic is SNATed through the same IP
> address. In your case, you want it to get a different source I
Sergio A. Kessler wrote:
> hi tom,
>
> Tom Eastep wrote:
>> Sergio A. Kessler wrote:
>>
>>> I also tried with:
>>> # cat /etc/shorewall/masq
>>> ###
>>> #INTERFACE SUBNET ADDRESS PROTO PORT(
hi tom,
Tom Eastep wrote:
> Sergio A. Kessler wrote:
>
>> I also tried with:
>> # cat /etc/shorewall/masq
>> ###
>> #INTERFACE SUBNET ADDRESS PROTO PORT(S)
>> IPSEC
>> eth0
hi all,
I have a problem with a VPN server (poptop) behind a shorewall firewall.
according with http://www.shorewall.net/PPTP.htm#ServerBehind
(and because the fw have multiple external IP address) I have:
/etc/shorewall/rules:
###
#AC
Sergio A. Kessler wrote:
> I also tried with:
> # cat /etc/shorewall/masq
> ###
> #INTERFACE SUBNET ADDRESS PROTO PORT(S)
> IPSEC
> eth0eth1$EXT_SALIDA
> eth