Gilberto Nunes wrote:
> Hi all
>
> I have a firewall host working very well...
> I am setting up an openvpn on this firewall...
> My vpn is working in bridge mode.
> I have these interfaces:
>
> br0   inet addr:172.168.1.1  Bcast:172.168.1.255  Mask:255.255.255.0
> eth0  inet addr:10.1.1.5  Bcast:10.1.1.255  Mask:255.255.255.0
> eth2  inet6 addr: fe80::217:9aff:fe7f:c7ec/64 Scope:Link
> tap0  inet6 addr: fe80::2ff:31ff:fe46:207d/64 Scope:Link
>
> /etc/network/interfaces is:
> # The primary network interface
> auto eth0
> iface eth0 inet static
>     address 10.1.1.5
>     network 10.1.1.0
>     netmask 255.255.255.0
>     broadcast 10.1.1.255
>     gateway 10.1.1.1
>
> auto br0
> iface br0 inet static
>     address 172.168.1.1
>     netmask 255.255.255.0
>     pre-up /usr/sbin/openvpn --mktun --dev tap0
>     pre-up /sbin/ip link set tap0 up
>     pre-up /sbin/ip link set eth2 up
>     pre-up /usr/sbin/brctl addbr br0
>     pre-up /usr/sbin/brctl addif br0 eth2
>     pre-up /usr/sbin/brctl addif br0 tap0
>     pre-down /usr/sbin/brctl delif br0 eth2
>     pre-down /sbin/ip link set eth2 down
>     pre-down /usr/sbin/brctl delif br0 tap0
>     pre-down /sbin/ip link set tap0 down
>     post-down /usr/sbin/brctl delbr br0
>     post-down /usr/sbin/openvpn --rmtun --dev tap0
>
> Route table:
>
> [EMAIL PROTECTED]:/etc/shorewall# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 172.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
> 10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         10.1.1.1        0.0.0.0         UG    100    0        0 eth0
>
> I have this in the shorewall interfaces file:
>
> #loc eth2
> loc br0 detect routeback
> net eth0 detect tcpflags,routefilter,nosmurfs,logmartians
>
> What is happening is:
>
> When I have the bridge interface up (i.e. BR0), my clients inside the
> lan can't surf on web, instead via squid proxy.
> Another problem that appears now is that all my DNAT rules don't work any
> more:
> I try this in the rules file:
>
> DNAT net loc:172.168.1.20 tcp 3389
> DNAT net loc:172.168.1.20 tcp 4899
>
> But they don't work...
>
> What can I do?

Be sure that IP_FORWARDING=On in shorewall.conf.

If that isn't the problem then please submit another problem report as
described at http://www.shorewall.net/support.htm#Guidelines

-Tom
--
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \ -Herbert Spencer
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
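
One way to carry out the IP_FORWARDING check suggested in the reply above, as an added example that is not part of the thread or of Shorewall itself. The function name check_ip_forwarding and the default path /etc/shorewall/shorewall.conf are assumptions; the example also covers IP_FORWARDING=Keep, where Shorewall leaves the kernel flag untouched and the flag itself has to be 1.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with Shorewall).
# Compares IP_FORWARDING in shorewall.conf with the kernel's ip_forward flag.
#   $1  shorewall.conf path (assumed default: /etc/shorewall/shorewall.conf)
#   $2  kernel flag path    (default: /proc/sys/net/ipv4/ip_forward)
# Returns 0 = forwarding on, 1 = forwarding off, 2 = cannot tell.
check_ip_forwarding() {
    conf=${1:-/etc/shorewall/shorewall.conf}
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$conf" ] || { echo "UNKNOWN: cannot read $conf"; return 2; }

    # Take the last uncommented assignment; drop trailing comments,
    # quotes and whitespace, then lower-case the value.
    setting=$(sed -n 's/^[[:space:]]*IP_FORWARDING=//p' "$conf" | tail -n 1 |
              sed 's/#.*//' | tr -d "\"' \t\r" | tr '[:upper:]' '[:lower:]')
    kernel=$(cat "$proc" 2>/dev/null || echo unknown)

    case "$setting" in
        on|keep) ;;
        off) echo "FAIL: IP_FORWARDING=Off, so DNAT to loc hosts and loc-to-net traffic is not forwarded"
             return 1 ;;
        "")  echo "UNKNOWN: IP_FORWARDING missing or empty in $conf; set IP_FORWARDING=On explicitly"
             return 2 ;;
        *)   echo "UNKNOWN: unrecognised value IP_FORWARDING=$setting"
             return 2 ;;
    esac

    if [ "$kernel" = 1 ]; then
        echo "OK: IP_FORWARDING=$setting and kernel ip_forward=1"
        return 0
    fi
    if [ "$setting" = keep ]; then
        # Keep means Shorewall will not change the flag in either direction.
        echo "FAIL: IP_FORWARDING=Keep and kernel ip_forward=$kernel; Shorewall will not enable it"
    else
        echo "FAIL: IP_FORWARDING=On but kernel ip_forward=$kernel; restart Shorewall so it is applied"
    fi
    return 1
}
# Usage on the firewall host: check_ip_forwarding
```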
