###############################################################################
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
nic net ACCEPT info
nic fw ACCEPT info
nic loc ACCEPT info
nic dmz ACCEPT info
fw all ACCEPT -
dmz all ACCEPT -
loc loc ACCEPT -
loc fw ACCEPT -
p2p fw ACCEPT -
fw p2p ACCEPT -
#loc all ACCEPT -
#dmz all ACCEPT -
#vpn all ACCEPT -
#cue all ACCEPT -
# vpn
loc vpn ACCEPT -
vpn loc ACCEPT -
dmz vpn ACCEPT -
vpn dmz ACCEPT -
vpn fw ACCEPT -
vpn net ACCEPT -
p2p vpn ACCEPT -
vpn p2p ACCEPT -
fw vpn ACCEPT -
# cue
loc cue ACCEPT -
cue loc ACCEPT -
dmz cue ACCEPT -
#cue dmz ACCEPT -
#cue fw ACCEPT -
#fw cue ACCEPT -
p2p cue ACCEPT -
#cue p2p ACCEPT -
# rest of the world
#net net DROP
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- DO NOT REMOVE
On 10/9/07, Jerry Vonau <[EMAIL PROTECTED]> wrote:
>
> Nico Pagliaro wrote:
> > Yes, that's right!!
> > And it works!!! The only thing that I was missing is to copy tun0 interface
> > in providers.
> >
> > Now, this works fine in my lab, but in production I have another Shorewall
> > (older) 3.4.2 and I have made the same, but with no luck ;(
> > Look, when I try from my client to my dmz, in the log appears
> > kernel: Shorewall:nic2dmz:ACCEPT:IN=tun0 OUT=eth0 SRC=10.8.0.13 DST=192.168.0.15 LEN
> > (note that nic(nico) is openvpn zone)
> > There is no problem between internal zones, BUT if I try to go to my server
> > 74.53.205.xxx
> > log this:
> > kernel: Shorewall:all2all:REJECT:IN=tun0 OUT=eth2 SRC=10.8.0.13 DST=74.54.56.xxx
> >
> > It sounds like there is no policy that applies, but in my policy file I have
> > nic net ACCEPT info
> > nic fw ACCEPT info
> > nic loc ACCEPT info
> > nic dmz ACCEPT info
> >
> Those are above the drop/reject policy and not below right?
>
> Jerry
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
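Added example (not part of the original message and not Shorewall code): a first-match lookup over the active rows of the policy file posted above, listing which destination zones from `nic` reach only the final `all all REJECT` row. The `source2dest` chain naming is an assumption taken from the `nic2dmz` and `all2all` log prefixes quoted in the thread.

```python
# Active rows of the policy file posted above (commented-out rows omitted).
POLICY = """\
nic net ACCEPT info
nic fw ACCEPT info
nic loc ACCEPT info
nic dmz ACCEPT info
fw all ACCEPT -
dmz all ACCEPT -
loc loc ACCEPT -
loc fw ACCEPT -
p2p fw ACCEPT -
fw p2p ACCEPT -
loc vpn ACCEPT -
vpn loc ACCEPT -
dmz vpn ACCEPT -
vpn dmz ACCEPT -
vpn fw ACCEPT -
vpn net ACCEPT -
p2p vpn ACCEPT -
vpn p2p ACCEPT -
fw vpn ACCEPT -
loc cue ACCEPT -
cue loc ACCEPT -
dmz cue ACCEPT -
p2p cue ACCEPT -
net all DROP info
all all REJECT info
"""
# Zone names as they appear in that file; "all" is the wildcard.
ZONES = ["nic", "net", "fw", "loc", "dmz", "p2p", "vpn", "cue"]

def parse(text):
    # (source, dest, policy) for every non-comment row, in file order.
    return [tuple(l.split()[:3]) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def lookup(rows, src, dst):
    # The first row whose SOURCE and DEST match (or are "all") decides.
    for s, d, p in rows:
        if s in (src, "all") and d in (dst, "all"):
            return f"{s}2{d}", p

def fallthrough(rows, src):
    # Destination zones for which src is only caught by the last all->all row.
    return [z for z in ZONES if z != src and lookup(rows, src, z)[0] == "all2all"]

def chain_of(log_line):
    # "Shorewall:chain:DISPOSITION:..." -> (chain, disposition)
    return tuple(log_line.split("Shorewall:", 1)[1].split(":")[:2])
```

With these rows, `fallthrough(parse(POLICY), "nic")` gives p2p, vpn and cue, so an `all2all` hit for tun0 to eth2 is consistent with eth2 being assigned to one of those zones rather than to `net` on the production host.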