Ed wrote:
> Hi all,
> I have a VPN setup but it only works once in a while. It seems my firewall
> (shorewall 3.0.8) is blocking protocol 47.
>
> Here is what I have:
>
> eth0: internet
> eth2: dmz - my pptp server
>
> My entry in the rules file:
> pptp/ACCEPT fw dmz:192.168.253.2
>
> My pptp macro
> ###############################################################################
> #ACTION SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL        RATE    USER/
> #                               PORT    PORT(S) DEST            LIMIT   GROUP
> PARAM   -       -       tcp     1723
> PARAM   -       -       47      -
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> What my log reports:
> warn.log:Nov 30 09:44:32 fw01 Shorewall:dmz2all:REJECT:IN=eth2 OUT=eth0
> SRC=192.168.2.12 DST=81.233.229.117 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=49617
> DF PROTO=47
>
> Am I being thick and missing something obvious or could this be a bug of some
> sort?

The server is the first to speak GRE, which your macro isn't allowing.
You need to add this line to your macro:

PARAM   DEST    SOURCE  47

That requires that you be running Shorewall 3.2.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
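
An added example, not part of the original thread and not Shorewall's own code: a small Python check over netfilter log lines like the one Ed quoted, reporting rejected or dropped GRE (protocol 47) packets together with the zone pair and interfaces they were crossing, so the direction a macro or rule fails to cover is visible at a glance. The function name `blocked_gre` and the second sample line are constructed for illustration, and zone names are assumed not to contain the digit 2.

```python
import re

# Shorewall log prefix is "Shorewall:<chain>:<disposition>:"; the chain of a
# policy hit is "<source zone>2<dest zone>", e.g. dmz2all.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
GRE = "47"  # netfilter logs GRE by number, as in the quoted log line

SAMPLE_LOG = [
    # From the thread (line wraps rejoined).
    "warn.log:Nov 30 09:44:32 fw01 Shorewall:dmz2all:REJECT:IN=eth2 OUT=eth0 "
    "SRC=192.168.2.12 DST=81.233.229.117 LEN=65 TOS=0x00 PREC=0x00 TTL=63 "
    "ID=49617 DF PROTO=47",
    # Constructed: unrelated TCP drop that must not be reported.
    "Nov 30 09:45:01 fw01 Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=203.0.113.5 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=50 "
    "ID=1 PROTO=TCP SPT=4000 DPT=23",
]

def blocked_gre(lines):
    """Return one record per rejected/dropped GRE packet found in lines."""
    hits = []
    for line in lines:
        m = PREFIX.search(line)
        if not m or m.group("disp") not in ("REJECT", "DROP"):
            continue
        # Key=value fields follow the prefix; bare flags such as DF are skipped.
        fields = dict(FIELD.findall(line[m.end():]))
        if fields.get("PROTO") != GRE:
            continue
        # Assumes zone names contain no "2"; split at the first one.
        src_zone, _, dst_zone = m.group("chain").partition("2")
        hits.append({
            "src_zone": src_zone, "dst_zone": dst_zone,
            "in": fields.get("IN", ""), "out": fields.get("OUT", ""),
            "src": fields.get("SRC", ""), "dst": fields.get("DST", ""),
        })
    return hits

if __name__ == "__main__":
    for h in blocked_gre(SAMPLE_LOG):
        print("GRE blocked {src_zone}->{dst_zone}: "
              "{src} ({in}) -> {dst} ({out})".format(**h))
```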
