Nico Pagliaro wrote:
> Friends, I am having a little problem with my pptp server on my shorewall.
> I CAN connect to my pptp server from my LAN but not from the Internet. What am I
> doing wrong??
>
> Here is my conf>
>
> Interfaces:
> --------------
> #ZONE   INTERFACE   BROADCAST   OPTIONS
> -       eth3        detect
> net     eth1        detect      norfc1918
> net     eth0        detect      norfc1918
> net     eth2        detect      norfc1918
> vpn     tun0        detect
> vpn     ppp+        detect
>
> Zones:
> ---------
> #ZONE     TYPE       OPTIONS   IN        OUT
> #                              OPTIONS   OPTIONS
> fw        firewall
> net       ipv4
> loc       ipv4
> p2p:loc   ipv4
> vpn       ipv4
> tec:loc   ipv4
>
>
> Providers:
> --------------
> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY
> OPTIONS COPY
> twol 2 2 main eth1 mypublic1
> track eth3,tun0,ppp0
> one 1 1 main eth0 mypublic2
> track eth3,tun0,ppp0
> thr 3 3 main eth2 mypublic3
> track eth3,tun0,ppp0
>
>
> Rules:
> #PPTP - VPN
> ACCEPT:info   net   $FW   tcp   1723
> ACCEPT:info   net   $FW   udp   500
> ACCEPT:info   loc   $FW   tcp   1723
> ACCEPT:info   loc   $FW   udp   500
>

You're missing: ACCEPT:info net $FW 47

This is useless when you try to hide the needed info:

> Log:
> Nov 14 10:58:27 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=12113 DF PROTO=TCP SPT=29362
> DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
> Nov 14 10:58:28 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=12208 DF PROTO=TCP SPT=29362
> DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
> Nov 14 10:58:28 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=12386 DF PROTO=TCP SPT=29362
> DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
> Nov 14 10:58:30 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12390 PROTO=UDP SPT=500
> DPT=500 LEN=320
> Nov 14 10:58:31 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12393 PROTO=UDP SPT=500
> DPT=500 LEN=320
> Nov 14 10:58:33 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12435 PROTO=UDP SPT=500
> DPT=500 LEN=320
> Nov 14 10:58:37 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12461 PROTO=UDP SPT=500
> DPT=500 LEN=320
> Nov 14 10:58:45 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12504 PROTO=UDP SPT=500
> DPT=500 LEN=320
>

Jerry

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
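
A log check for the situation in this thread, added here as an example (not code from the post or from Shorewall): it parses Shorewall log lines and reports whether the PPTP control connection (TCP 1723) and IP protocol 47 appear, and which SYNs repeat from the same source port. The sample log is constructed from the lines in the post with documentation-range addresses as placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the log in the post. The addresses are
# documentation-range placeholders, not values from the thread.
PFX = "fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.1 "
SAMPLE_LOG = "\n".join([
    "Nov 14 10:58:27 " + PFX + "LEN=48 TTL=120 ID=12113 DF PROTO=TCP SPT=29362 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Nov 14 10:58:28 " + PFX + "LEN=48 TTL=120 ID=12208 DF PROTO=TCP SPT=29362 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Nov 14 10:58:28 " + PFX + "LEN=48 TTL=120 ID=12386 DF PROTO=TCP SPT=29362 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Nov 14 10:58:30 " + PFX + "LEN=340 TTL=120 ID=12390 PROTO=UDP SPT=500 DPT=500 LEN=320",
    "Nov 14 10:58:31 " + PFX + "LEN=340 TTL=120 ID=12393 PROTO=UDP SPT=500 DPT=500 LEN=320",
])

HEAD = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<verdict>[^:]+):")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the KEY=VALUE fields of one Shorewall log line, or None."""
    m = HEAD.search(line)
    if m is None:
        return None
    rest = line[m.end():]
    rec = dict(FIELD.findall(rest))
    rec.update(chain=m["chain"], verdict=m["verdict"])
    # Tokens without '=' are flags such as DF, SYN, ACK.
    rec["flags"] = {tok for tok in rest.split() if "=" not in tok}
    return rec

def pptp_report(log_text):
    """Summarise which of the flows PPTP needs show up in the log."""
    flows = Counter()   # (protocol, destination port) -> packets logged
    syns = Counter()    # (source, source port, destination port) -> bare SYNs
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "PROTO" not in rec:
            continue
        flows[(rec["PROTO"], rec.get("DPT"))] += 1
        if rec["PROTO"] == "TCP" and "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            syns[(rec.get("SRC"), rec.get("SPT"), rec.get("DPT"))] += 1
    return {
        "control_seen": flows[("TCP", "1723")] > 0,
        # Protocols the LOG target has no name for are printed as a number.
        "gre_seen": any(proto in ("47", "GRE") for proto, _ in flows),
        # The same source port sending SYN more than once means the
        # handshake on that connection had not completed.
        "repeated_syns": {key: n for key, n in syns.items() if n > 1},
        "flows": dict(flows),
    }
```

A packet appears in the log only when a rule or policy with a log level matches it, so `gre_seen` being false means protocol 47 was not logged, not that the client never sent it.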
