Tom Eastep wrote: > C. Albers wrote: >> I have attached both dump files. I don't find >> diff'ing >> the files very informative. Maybe you can see >> something that I can't. >> >> As far as your gut feeling goes, I have no idea how my >> VPN traffic could not touch my firewall and get out on >> the internet. There's only one way out of my internal >> lan: forwarding through my linux router's eth0 >> interface, which shorewall is protecting. >> >> Let me know what you see. Thanks for your help, > > Chad -- I've been following this thread and I must confess that I don't > understand what problem you are reporting. When you "made some VPN > attempts", what was the SOURCE IP and what was the DESTINATION IP? (I > assume that the protocol was UDP and the DPT was 500?).
The reason that I ask is that the only UDP port 500 connection that is active in the "AfterVPN" dump originated from inside your firewall (192.168.2.254) with a destination on the net (204.26.5.165). Since you ACCEPT loc->net traffic by policy, I hope it isn't surprising that such a connection would be accepted. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
