PPTP often needs Protocol 47 forwarded to your PPTP server too, depending on
what PPTP server you are using.
I was running my previous system under an iptables-based firewall which had
that in place for PPTP to my Windows SBS.
I haven’t, however, needed to implement it on the new gateway box running
Shorewall.
From: Nico Pagliaro [mailto:[EMAIL PROTECTED]
Sent: Saturday, 15 November 2008 2:19 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] PPTP Server on my Shorewall
I put that rule, and the same. I can't connect...
On Fri, Nov 14, 2008 at 1:06 PM, Jerry Vonau <[EMAIL PROTECTED]> wrote:
Nico Pagliaro wrote:
> Friends, I am having a little problem with my pptp server on my shorewall.
> I CAN connect to my pptp server from my LAN but not from the Internet. What am I
> doing wrong??
>
> Here is my conf:
>
> Interfaces:
> --------------
> #ZONE INTERFACE BROADCAST OPTIONS
> - eth3 detect
> net eth1 detect norfc1918
> net eth0 detect norfc1918
> net eth2 detect norfc1918
> vpn tun0 detect
> vpn ppp+ detect
>
> Zones:
> ---------
> #ZONE TYPE OPTIONS IN OUT
> # OPTIONS OPTIONS
> fw firewall
> net ipv4
> loc ipv4
> p2p:loc ipv4
> vpn ipv4
> tec:loc ipv4
>
>
> Providers:
> --------------
> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY
> OPTIONS COPY
> twol 2 2 main eth1 mypublic1
> track eth3,tun0,ppp0
> one 1 1 main eth0 mypublic2
> track eth3,tun0,ppp0
> thr 3 3 main eth2 mypublic3
> track eth3,tun0,ppp0
>
>
> Rules:
> #PPTP - VPN
> ACCEPT:info net $FW tcp 1723
> ACCEPT:info net $FW udp 500
> ACCEPT:info loc $FW tcp 1723
> ACCEPT:info loc $FW udp 500
>
>
You're missing:
ACCEPT:info net $FW 47
This is useless when you try to hide the needed info:
> Log:
> Nov 14 10:58:27 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=12113 DF PROTO=TCP SPT=29362
> DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
> Nov 14 10:58:28 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=12208 DF PROTO=TCP SPT=29362
> DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
> Nov 14 10:58:28 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=12386 DF PROTO=TCP SPT=29362
> DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
> Nov 14 10:58:30 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12390 PROTO=UDP SPT=500
> DPT=500 LEN=320
> Nov 14 10:58:31 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12393 PROTO=UDP SPT=500
> DPT=500 LEN=320
> Nov 14 10:58:33 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12435 PROTO=UDP SPT=500
> DPT=500 LEN=320
> Nov 14 10:58:37 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12461 PROTO=UDP SPT=500
> DPT=500 LEN=320
> Nov 14 10:58:45 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT=
> MAC=00:01:02:e8:68:24:00:07:84:ed:e4:38:08:00 SRC=EXTERNAL CLIENT DST=MY
> FIREWALL LEN=340 TOS=0x00 PREC=0x00 TTL=120 ID=12504 PROTO=UDP SPT=500
> DPT=500 LEN=320
>
Jerry
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
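The point made in this thread is that PPTP needs both the TCP 1723 control channel and IP protocol 47 (GRE) to reach the server. The following is an added example, not code from any poster or from Shorewall: a small parser that checks a Shorewall kernel log for both. The sample lines are constructed, the addresses are documentation-range placeholders, and the `PROTO=47` DROP line assumes the default policy is configured to log.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log in the thread; addresses are
# documentation-range placeholders, and the PROTO=47 line is an assumption.
SAMPLE_LOG = """\
Nov 14 10:58:27 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=48 TTL=120 ID=12113 DF PROTO=TCP SPT=29362 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 14 10:58:28 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=48 TTL=120 ID=12208 DF PROTO=TCP SPT=29362 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 14 10:58:30 fw3 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=340 TTL=120 ID=12390 PROTO=UDP SPT=500 DPT=500 LEN=320
Nov 14 10:58:31 fw3 kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=61 TTL=120 ID=12401 PROTO=47
"""

LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)")

def parse(line):
    """Return a dict for one Shorewall log line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", m["rest"]))  # KEY=value pairs
    fields["chain"], fields["disp"] = m["chain"], m["disp"]
    fields["syn"] = bool(re.search(r"\bSYN\b", m["rest"]))  # bare TCP flag token
    return fields

def pptp_report(log_text):
    """Count the traffic a PPTP session needs: TCP/1723 control plus GRE (47)."""
    pkts = [p for p in map(parse, log_text.splitlines()) if p]
    syns = Counter((p.get("SRC"), p.get("SPT")) for p in pkts
                   if p.get("PROTO") == "TCP" and p.get("DPT") == "1723" and p["syn"])
    # netfilter logs protocols it has no name for by number, so GRE is PROTO=47
    gre = [p for p in pkts if p.get("PROTO") == "47"]
    return {
        "control_syns": sum(syns.values()),
        # a repeated SYN from the same source port is a client retransmit:
        # it has not seen a SYN-ACK yet
        "retransmitted_syns": sum(n - 1 for n in syns.values()),
        "gre_accepted": sum(p["disp"] == "ACCEPT" for p in gre),
        "gre_blocked": sum(p["disp"] in ("DROP", "REJECT") for p in gre),
        # UDP/500 is IKE (IPsec); PPTP itself does not use it
        "ike_udp500": sum(p.get("PROTO") == "UDP" and p.get("DPT") == "500" for p in pkts),
    }

if __name__ == "__main__":
    print(pptp_report(SAMPLE_LOG))
```

A report with `gre_accepted` at 0 while control SYNs are present matches the symptom discussed in the thread; whether blocked GRE shows up at all depends on the logging level of the policy that catches it.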