On 05/29/2011 11:47 PM, N.A.G. wrote:
> I'm trying to configure shorewall dynamic zone on outside interface for
> IPSEC vpn users (Racoon + Shrew VPN Client) as most reliable and correct
> way to set access restrictions on vpn users network access. VPN itself
> working like a charm, but I need to dynamically allow VPN users certain
> traffic when they connect and disallow when they disconnect.
>
> Have made config similar to
> http://www.shorewall.net/Dynamic.html examples, but it won't
> compile with "ppp0 is not a defined bridge" error.

Your configuration is not similar to the one in the examples.

> /etc/shorewall/interfaces:
> #ZONE INTERFACE BROADCAST OPTIONS
> ### ISP metro area network
> blan eth0 detect dhcp,routefilter
> ### ISP L2TP (internet)
> inet ppp0 detect routefilter
> ### IPSec VPN
> vpn ppp0:dynamic

The example clearly specifies :dynamic in the *hosts* file while you are
trying to do so in the *interfaces* file.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
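The fix described in the reply, laid out as configuration (an added example, not part of the original thread). It assumes the vpn zone is already declared in /etc/shorewall/zones and that the installed Shorewall supports ipset-backed dynamic zones; the address 192.0.2.10 is a constructed sample.

```conf
# Added example, not from the thread. Assumption: the vpn zone is
# declared in /etc/shorewall/zones (that file was not posted).

# --- /etc/shorewall/interfaces as posted (does not compile) ---
#ZONE   INTERFACE      BROADCAST   OPTIONS
blan    eth0           detect      dhcp,routefilter
inet    ppp0           detect      routefilter
vpn     ppp0:dynamic

# --- /etc/shorewall/interfaces corrected ---
# The vpn line is removed; ppp0 is defined once, for the inet zone.
#ZONE   INTERFACE      BROADCAST   OPTIONS
blan    eth0           detect      dhcp,routefilter
inet    ppp0           detect      routefilter

# --- /etc/shorewall/hosts corrected ---
# :dynamic belongs here, in the HOSTS column of the hosts file.
#ZONE   HOSTS          OPTIONS
vpn     ppp0:dynamic

# The zone starts out empty. Membership changes at run time, for
# example when a VPN client connects and disconnects
# (192.0.2.10 is a constructed sample address):
#   shorewall add    ppp0:192.0.2.10 vpn
#   shorewall delete ppp0:192.0.2.10 vpn
```

Because the dynamic zone is empty until hosts are added, rules written for vpn match no traffic while no client is a member.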
