Hi Tom,
Sorry, getting lost now; I've been at this with other Slackware users, so I've gotten quite spun around with this for the past few weeks.
Let me ask this over, or another way, if I did before, and sorry if I'm repeating myself. I only use OpenVPN as a client connecting to a VPN service, so will the 3 files below, as you see them, work after I've connected to OpenVPN? Because when I showed this to another Slackware user who seemed quite experienced with iptables, and I showed him the output of iptables-save, he could not see anything wrong with the 3 files below not working for me.
So the 3 files below work for me when I'm connected to OpenVPN; of course, when I need to connect to the VPN, I have to comment the first line in the Policy and uncomment the second line, so how you see it now, this is after I've connected and I've restarted shorewall...
So for me I do not need a host, tunnels or rules to make the connection work....
Stopping and starting for 10 mins. doesn't do anything; everything works just fine for me the way you see it below, once I'm on the VPN...
THANKS
INTERFACES
###############################################################################
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,logmartians,nosmurfs
net     wlan0       detect      dhcp,tcpflags,logmartians,nosmurfs
# OpenVPN Interface
vpn     tun0        detect
vpn     tap0        detect
POLICY
###############################################################################
#SOURCE DEST    POLICY  LOG     LIMIT:          CONNLIMIT:
#                       LEVEL   BURST           MASK
#
# Block this machine from accessing NET ZONE except for exceptions in
# /etc/shorewall/rules
$FW     net     DROP    info
# Allow NET Zone when not on VPN - (Allow all connection requests from the
# firewall to the Internet)
#$FW    net     ACCEPT

# Allow this machine to access the VPN ZONE for everything
$FW     vpn     ACCEPT
# Block anything from the NET ZONE to all other zones - (Drop (ignore) all
# connection requests from the Internet to your firewall)
net     all     DROP    info
# Block from using another connection
net     net     NONE
#
# THE FOLLOWING POLICY MUST BE LAST
#
# Block everything else - (Reject all other connection requests (Shorewall
# requires this catchall policy)
all     all     REJECT  info
ZONE
###############################################################################
#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
fw      firewall
net     ipv4
#vpn    ipsec
vpn     ipv4
On Wed, Jul 27, 2011 at 1:50 PM, Tom Eastep <[email protected]> wrote:
>
> On Jul 27, 2011, at 4:18 PM, Tom Eastep wrote:
>
> I didn't say Netfilter messed up -- I'm betting on my solution a)
>
>
> And to prove it:
>
> a) Stop OpenVPN
> b) Wait 10 Minutes
> c) Try to start OpenVPN
>
> -Tom
>
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> ------------------------------------------------------------------------------
> Got Input? Slashdot Needs You.
> Take our quick survey online. Come on, we don't ask for help often.
> Plus, you'll get a chance to win $100 to spend on ThinkGeek.
> http://p.sf.net/sfu/slashdot-survey
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
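An added example, not from this thread or the Shorewall project: a small first-match evaluator for the POLICY file posted above, so the two modes (DROP line active vs. ACCEPT line active) can be checked for what they let the firewall host reach. The policy text inside it is a constructed copy of the posted file with the comments trimmed; the zone names follow the post.

```python
# Added example, not from the thread or the Shorewall project: a first-match
# evaluator for the POLICY file posted above.  POLICY_VPN_ON is a constructed
# copy of that file (comments trimmed); zone names follow the post.
POLICY_VPN_ON = """\
#SOURCE DEST    POLICY  LOG
$FW     net     DROP    info
#$FW    net     ACCEPT
$FW     vpn     ACCEPT
net     all     DROP    info
net     net     NONE
all     all     REJECT  info
"""

def parse_policy(text):
    """Return (source, dest, policy) tuples in file order; comments and blanks skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {line!r}")
        rules.append((fields[0], fields[1], fields[2].upper()))
    return rules

def effective_policy(rules, src, dst):
    """Shorewall uses the first entry whose SOURCE/DEST match; 'all' matches any zone."""
    for s, d, pol in rules:
        if s in (src, "all") and d in (dst, "all"):
            return pol
    return None  # nothing matched: the file lacks the catch-all Shorewall requires

def catchall_is_last(rules):
    """The 'all all' entry must come last, as the file's own comment says."""
    return bool(rules) and rules[-1][:2] == ("all", "all") and all(
        r[:2] != ("all", "all") for r in rules[:-1])

def set_vpn_mode(text, on):
    """Flip which '$FW net' line is commented, the way the poster does by hand."""
    out = []
    for line in text.splitlines():
        bare = line.lstrip("#").strip()
        fields = bare.split()
        if fields[:2] == ["$FW", "net"]:
            keep = fields[2] == ("DROP" if on else "ACCEPT")
            out.append(bare if keep else "#" + bare)
        else:
            out.append(line)
    return "\n".join(out) + "\n"
```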