Re: [Shorewall-users] My macro is flawed?

Tom Eastep Fri, 01 Dec 2006 07:19:45 -0800

Ed wrote:
> On Thursday 30 November 2006 16:46, Tom Eastep wrote:
>> PARAM   DEST    SOURCE  47
> 
> Hi,
> I followed Tom's advice and upgraded to Shorewall 3.2.4.  After making the 
> changes needed after the upgrade and making sure it all worked, I went on to 
> try and get the PPTP VPN working... yes, OpenVPN is in the pipeline ;)
> 
> This is what I did and these are the errors I get... any help would be 
> appreciated.
> 
> BTW, this is my config
> 
> [INTERNET]<---> eth0-[FW SHOREWALL 3.2.4]-eth2 <---> eth0-[VPN SHOREWALL 
> 3.0.8]
> 
> The macro in on the firewall (FW).  I guess I missunderstood something...
> 
> Test run 1:
> PARAM   192.168.253.2   - 47
> PARAM   -       -                   tcp     1723
> PARAM   -       -                   47      -
> 
> Dec  1 09:49:50 fw01 Shorewall:dmz2all:REJECT:IN=eth2 OUT=eth3 
> SRC=192.168.253.2 DST=192.168.1.10 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=5337 
> DF PROTO=47
> 
> Test run 2:
> PARAM   -      192.168.253.2   47


> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

> PARAM   -       -                   tcp     1723
> PARAM   -       -                   47      -
> 
> ERROR: Undefined Server Zone in rule "ACCEPT fw 
> 192.168.253.2:dmz:192.168.253.2 47 - - - - -"
> 
> Test run 3:
> PARAM   -      dmz:192.168.253.2   47
> PARAM   -       -                   tcp     1723
> PARAM   -       -                   47      -
> 
> ERROR: Only DNAT, SAME and REDIRECT rules may specify destination port 
> mapping; rule "ACCEPT fw dmz:192.168.253.2:dmz:192.168.253.2 47 - - - - -"

So why didn't you add the entry to your macro that I gave in in my last message?
That is *all* that you had to do after upgrading? You did not have to change
your entry in /etc/shorewall/rules; you had to make NO other changes to the 
macro.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] My macro is flawed?

Reply via email to