On 6/21/10 11:49 PM, Michele Petrazzo - Unipex wrote:
> Keith Mitchell wrote:
>> What Shorewall version are you running?
>>
>
> Last from debian repo: 4.4.10.1
>
>> Do you have your vpn setup in the interfaces file as well?
>>
>
> No. Or better, no more than create the entry vpn into "interfaces" as said.
>

We're not making any progress here. Please:
a) Remove the silly vpn->vpn ACCEPT policy (intra-ZONE traffic is always
allowed by default).
b) Be sure you have 'routeback' in the tap+ entry in
/etc/shorewall/interfaces.
c) Reproduce the problem (REJECT:FORWARD log messages).
d) Forward the output of 'shorewall dump' as an email attachment.
I have almost exactly the same setup and here is my vpn_frwd chain (note
the last rule):
Chain vpn_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      eth4    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      tun+    0.0.0.0/0            0.0.0.0/0
Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
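
A check for points (a) and (b) of the request above, as an added example that is not part of the original message or of Shorewall itself. It assumes the Shorewall 4.4 column layout (interfaces: ZONE INTERFACE BROADCAST OPTIONS; policy: SOURCE DEST POLICY ...); the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes Shorewall 4.4
# column layout: interfaces = ZONE INTERFACE BROADCAST OPTIONS,
# policy = SOURCE DEST POLICY [LOG LEVEL].

# True if interface $2 in interfaces file $1 carries the 'routeback' option.
has_routeback() {
    awk -v ifc="$2" '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        $2 == ifc {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "routeback") found = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# True if policy file $1 has an explicit ACCEPT policy from zone $2 to itself.
has_intrazone_accept() {
    awk -v z="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == z && $2 == z && $3 == "ACCEPT" { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# Report both findings for config dir $1, zone $2, interface $3.
# Returns the number of findings (0 = matches the advice in the message).
check_vpn_config() {
    findings=0
    if ! has_routeback "$1/interfaces" "$3"; then
        echo "(b) $3 has no 'routeback' option in $1/interfaces"
        findings=$((findings + 1))
    fi
    if has_intrazone_accept "$1/policy" "$2"; then
        echo "(a) redundant $2->$2 ACCEPT policy in $1/policy"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed files (hypothetical contents, not the poster's config).
demo_dir=$(mktemp -d)
printf 'vpn tap+ - \nnet eth0 detect tcpflags\n' > "$demo_dir/interfaces"
printf 'vpn vpn ACCEPT\nall all REJECT info\n' > "$demo_dir/policy"
check_vpn_config "$demo_dir" vpn tap+ || echo "findings: $?"
rm -rf "$demo_dir"
```

On a real system, call `check_vpn_config /etc/shorewall vpn tap+` instead of the demo lines.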
