Hi,
I just sent the first message which for some reason took the attachment; I
thought we could add attachments and it put it in the post instead of this
information below. So here it is again, sorry if I wasn't supposed to add an
attachment...
I'm running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN, and the
VPN options I'm using in Slackware 13.37 will not work in Shorewall. In
Slackware 13.1, using the same Shorewall version and files ('interfaces',
'policy' and 'zone' are all I have configured), it was working, and this also
works in Arch at present too, with the same Shorewall version and files. So
I suspect something to do with Slackware has changed since 13.1 causing this
issue, because I tried this out with the default kernel that ships with
Slackware and it still would not work.
For POLICY lines 1 & 2: if I use it the way you see it below, this allows me
to have a connection over eth0 or wlan0. With it like this I then connect to
OpenVPN; after I'm connected to the VPN, I comment out line 2 and uncomment
line 1, restart shorewall, and now the connection stays routed over the VPN.
If the VPN is disconnected for any reason and I try to get back online with 1
uncommented and 2 commented, I can't, and this is the behaviour I'd like to
keep.
I'm attaching a dump I did which is 'diff -u' with Arch online with the VPN
running with the policy line 1 uncommented and line 2 commented and working
and the same settings for the policy in Slackware but the VPN connection
won't go online.
Hopefully with the dump.txt someone can tell me why Slackware will not work
with the VPN in the policy with line 1 uncommented and line 2 commented...
THANKS
Das
INTERFACES
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,logmartians,nosmurfs
net     wlan0       detect      dhcp,tcpflags,logmartians,nosmurfs
# OpenVPN Interface
vpn     tun0        detect
vpn     tap0        detect

POLICY
#SOURCE   DEST   POLICY   LOG     LIMIT:   CONNLIMIT:
#                         LEVEL   BURST    MASK
#
# Block this machine from accessing NET ZONE except for exceptions in
# /etc/shorewall/rules
1. #$FW   net    DROP     info
# Allow NET Zone when not on VPN - (Allow all connection requests from the
# firewall to the Internet)
2. $FW    net    ACCEPT
# Allow this machine to access the VPN ZONE for everything
$FW       vpn    ACCEPT
# Block anything from the NET ZONE to all other zones - (Drop (ignore) all
# connection requests from the Internet to your firewall)
net       all    DROP     info
# Block from using another connection
net       net    NONE
#
# The FOLLOWING POLICY MUST BE LAST
#
# Block everything else - (Reject all other connection requests (Shorewall
# requires this catchall policy)
all       all    REJECT   info

ZONE
#ZONE   TYPE       OPTIONS   IN        OUT
#                            OPTIONS   OPTIONS
fw      firewall
net     ipv4
#vpn    ipsec
vpn     ipv4
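The behaviour the post relies on (line 1 active = traffic only via the VPN zone, line 2 active = direct net access, and "whichever is uncommented first wins") follows from Shorewall applying the policy file top to bottom with the first matching entry deciding. The following script is an added example, not part of the original post or of Shorewall itself: it parses policy text in the post's format, resolves the effective policy for a zone pair by first match (treating `all` as a wildcard and `$FW` as the `fw` zone, as in the poster's zones file), reports which state the file is in, and lists entries that can never match because an earlier entry already covers them. The sample policy texts are constructed to mirror the post's two states plus a third, mistaken one with both line 1 and line 2 active.

```python
"""First-match analysis of a Shorewall-style policy file (added example)."""

# Constructed samples modelled on the post. Zone names: fw (= $FW), net, vpn.
POLICY_VPN_ONLY = """\
#SOURCE   DEST   POLICY   LOG
$FW       net    DROP     info      # line 1 active: no direct net access
#$FW      net    ACCEPT             # line 2 commented out
$FW       vpn    ACCEPT
net       all    DROP     info
net       net    NONE
all       all    REJECT   info
"""

POLICY_DIRECT = """\
#SOURCE   DEST   POLICY   LOG
#$FW      net    DROP     info      # line 1 commented out
$FW       net    ACCEPT             # line 2 active: direct net access
$FW       vpn    ACCEPT
net       all    DROP     info
net       net    NONE
all       all    REJECT   info
"""

# Mistaken state: both lines active; line 1 shadows line 2.
POLICY_BOTH = """\
$FW       net    DROP     info
$FW       net    ACCEPT
$FW       vpn    ACCEPT
net       all    DROP     info
net       net    NONE
all       all    REJECT   info
"""


def parse_policy(text, fw_zone="fw"):
    """Return [(source, dest, policy)] in file order; comments and blanks skipped.

    Only the first three columns matter for matching; LOG LEVEL etc. are ignored.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        src, dst, pol = fields[:3]
        src = fw_zone if src == "$FW" else src
        dst = fw_zone if dst == "$FW" else dst
        entries.append((src, dst, pol.upper()))
    return entries


def _covers(entry_src, entry_dst, source, dest):
    """True if a policy entry matches the given zone pair ('all' is a wildcard)."""
    return entry_src in (source, "all") and entry_dst in (dest, "all")


def effective_policy(text, source, dest, fw_zone="fw"):
    """Policy applied to traffic source -> dest: the first matching entry wins."""
    for src, dst, pol in parse_policy(text, fw_zone):
        if _covers(src, dst, source, dest):
            return pol
    return None  # unreachable with the post's 'all all REJECT' catch-all


def is_vpn_locked(text, fw_zone="fw", net_zone="net", vpn_zone="vpn"):
    """True when the firewall host may reach the VPN zone but not the net zone
    directly, i.e. the state the poster gets with line 1 active and line 2 off."""
    to_net = effective_policy(text, fw_zone, net_zone, fw_zone)
    to_vpn = effective_policy(text, fw_zone, vpn_zone, fw_zone)
    return to_net in ("DROP", "REJECT") and to_vpn == "ACCEPT"


def shadowed_entries(text, fw_zone="fw"):
    """Entries that can never match because an earlier entry already covers
    every zone pair they would match. Useful for spotting 'both lines active'."""
    seen, shadowed = [], []
    for src, dst, pol in parse_policy(text, fw_zone):
        if any(_covers(s, d, src, dst) for s, d, _ in seen):
            shadowed.append((src, dst, pol))
        seen.append((src, dst, pol))
    return shadowed


if __name__ == "__main__":
    for name, text in [("vpn-only", POLICY_VPN_ONLY),
                       ("direct", POLICY_DIRECT),
                       ("both-active", POLICY_BOTH)]:
        print(f"{name}: fw->net={effective_policy(text, 'fw', 'net')} "
              f"fw->vpn={effective_policy(text, 'fw', 'vpn')} "
              f"locked={is_vpn_locked(text)} shadowed={shadowed_entries(text)}")
```

Running it shows that in every variant `net net NONE` is shadowed by the earlier `net all DROP`, and that in the both-active variant the `$FW net ACCEPT` entry is dead: the DROP above it wins, which is why the poster's swap of lines 1 and 2 has to be exclusive.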
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users