Nico Pagliaro wrote:
> Hi, sorry about the info I sent, but I don't like to publish all my
> firewall conf. in the forum.
> Here I send you my dump, and the problem that I am having I think that
> yes, is shorewall related because I can't browse the internet when I am
> connected to my vpn
> I think that the problem is in the masq, but I am not sure..
> I really appreciate the forum help

If all of the other things that I wrote asking you to check are correct, then I think that I know what the problem is.

You are using a Multi-ISP setup and PPTP is modifying the main routing table when a client starts. Those changes to the main routing table are not copied to the per-provider routing tables which are used when routing incoming traffic. This results in response packets from the net having their destination IP address restored to the VPN client address and then being routed according to a per-provider table (because of 'track' in /etc/shorewall/providers). Unfortunately, that table doesn't have any entries that route packets through a ppp interface so the packets are mis-routed.

You can add a routing rule to eliminate that problem as shown in example 2 at http://www.shorewall.net/MultiISP.html#Examples. You will need to construct the rule such that response packets from the net that are bound for VPN clients use the main routing table while all other response packets use the per-provider table.

A cleaner solution to that problem is to upgrade to Shorewall 4.2.1 and to set USE_DEFAULT_RT=Yes in shorewall.conf. The Multi-ISP HOWTO at shorewall.net has instructions.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
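
A small model of the policy-routing lookup described in the reply above, added here as an illustration and not part of the original thread or of Shorewall: it shows a tracked response packet for a VPN client leaving through a provider interface, and the same packet reaching ppp0 once a higher-priority rule sends VPN-bound traffic to the main table. The VPN pool, LAN subnet, interface names, marks and priorities are constructed assumptions, and rule evaluation is simplified to selector match plus longest-prefix lookup.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread).
VPN_POOL = "192.168.99.0/24"
TABLES = {
    # pppd adds a host route per connected client to the main table only
    "main": [("192.168.99.10/32", "ppp0"), ("10.0.0.0/24", "eth2"),
             ("0.0.0.0/0", "eth0")],
    # per-provider tables were copied before ppp0 existed, so no ppp routes
    "ISP1": [("10.0.0.0/24", "eth2"), ("0.0.0.0/0", "eth0")],
    "ISP2": [("10.0.0.0/24", "eth2"), ("0.0.0.0/0", "eth1")],
}

# (priority, selector, table); the fwmark rules model the effect of 'track'
BASE_RULES = [
    (10001, {"fwmark": 1}, "ISP1"),
    (10002, {"fwmark": 2}, "ISP2"),
    (32766, {}, "main"),
]
# Models a routing rule: traffic to the VPN pool uses main, priority 1000
VPN_RULE = (1000, {"to": VPN_POOL}, "main")


def _matches(selector, dst, fwmark):
    """True when the packet satisfies every condition in the rule selector."""
    if "fwmark" in selector and selector["fwmark"] != fwmark:
        return False
    if "to" in selector and dst not in ipaddress.ip_network(selector["to"]):
        return False
    return True


def route(rules, dst, fwmark=0):
    """Return (table, interface) for a packet, walking rules by priority."""
    dst = ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if not _matches(selector, dst, fwmark):
            continue
        hits = [(ipaddress.ip_network(n), dev) for n, dev in TABLES[table]
                if dst in ipaddress.ip_network(n)]
        if hits:  # longest prefix wins; no hit falls through to next rule
            return table, max(hits, key=lambda h: h[0].prefixlen)[1]
    return None, None


if __name__ == "__main__":
    print("before:", route(BASE_RULES, "192.168.99.10", fwmark=2))
    print("after: ", route(BASE_RULES + [VPN_RULE], "192.168.99.10", fwmark=2))
```
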
