Re: [Shorewall-users] PPTP Server on my Shorewall

Nico Pagliaro Fri, 14 Nov 2008 07:23:08 -0800

I put that rule, and the same,. I cant connect...

On Fri, Nov 14, 2008 at 1:06 PM, Jerry Vonau <[EMAIL PROTECTED]> wrote:


> Nico Pagliaro wrote:
> > Friends, I am having a little problem with my pptp server on my
> shorewall.
> > I CAN connect to my pptp server from my LAN but no from Internet. What I
> am
> > doing wrong??
> >
> > Here is my conf>
> >
> > Interfaces:
> > --------------
> > #ZONE   INTERFACE       BROADCAST       OPTIONS
> >  -       eth3            detect
> > net     eth1            detect          norfc1918
> > net     eth0            detect          norfc1918
> > net     eth2            detect          norfc1918
> > vpn     tun0            detect
> > vpn     ppp+           detect
> >
> > Zones:
> > ---------
> > #ZONE   TYPE            OPTIONS         IN                      OUT
> > #                                       OPTIONS                 OPTIONS
> > fw      firewall
> > net     ipv4
> > loc     ipv4
> > p2p:loc ipv4
> > vpn     ipv4
> > tec:loc ipv4
> >
> >
> > Providers:
> > --------------
> > #NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY
> > OPTIONS         COPY
> > twol    2       2       main            eth1            mypublic1
> > track           eth3,tun0,ppp0
> > one     1       1       main            eth0            mypublic2
> > track           eth3,tun0,ppp0
> > thr     3       3       main            eth2            mypublic3
> > track           eth3,tun0,ppp0
> >
> >
> > Rules:
> > #PPTP - VPN
> > ACCEPT:info     net             $FW     tcp     1723
> > ACCEPT:info     net             $FW     udp     500
> > ACCEPT:info     loc             $FW     tcp     1723
> > ACCEPT:info     loc             $FW     udp     500
> >
> >
> Your missing:
> ACCEPT:info     net             $FW     47
>
> This is useless when you try to hide the needed info:
> > Log:
> > Nov 14 10:58:27 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> > MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> > FIREWALL LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=12113 DF PROTO=TCP
> SPT=29362
> > DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
> > Nov 14 10:58:28 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> > MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> > FIREWALL LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=12208 DF PROTO=TCP
> SPT=29362
> > DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
> > Nov 14 10:58:28 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> > MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> > FIREWALL LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=12386 DF PROTO=TCP
> SPT=29362
> > DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
> > Nov 14 10:58:30 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> > MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> > FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12390 PROTO=UDP SPT=500
> > DPT=500 LEN=320
> > Nov 14 10:58:31 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> > MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> > FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12393 PROTO=UDP SPT=500
> > DPT=500 LEN=320
> > Nov 14 10:58:33 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> > MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> > FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12435 PROTO=UDP SPT=500
> > DPT=500 LEN=320
> > Nov 14 10:58:37 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> > MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> > FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12461 PROTO=UDP SPT=500
> > DPT=500 LEN=320
> > Nov 14 10:58:45 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> > MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> > FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12504 PROTO=UDP SPT=500
> > DPT=500 LEN=320
> >
>
> Jerry
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] PPTP Server on my Shorewall

Reply via email to