Richard Verdugo wrote:
Hello,I have a three interface shorewall firewall setup with openvpn server on the same machine. I'm bridgeing eth0 with tap0. I have an windows xp vpn client that is able to connect to the vpn but not ping anything on the internal network.The interfaces on the firewall are as follows: br0 = 10.100.100.200 <http://10.100.100.200/> (LOC) eth0 = tap0 = eth1 = 10.100.222.1 <http://10.100.222.1/> (DMZ) eth2 = 206.165.217.94 <http://206.165.217.94/> (NET)After I connect to the vpn with the xp sp2 client, the client gets assigned the ipaddress of 10.100.100.117/24 <http://10.100.100.117/24> to it's tap interface. then I try to ping 10.100.100.10 <http://10.100.100.10/> and it only says "Request timed out".I'm sure the problem is somewhere in my shorewall setup, like it's not allowing traffic from tap0 or vpn, or it allows that traffic in but not out.Please have a look at the attached shorewall dump file.
Looks like you forgot to specify the 'routeback' option on br0. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
