Hey,

First, let me apologize if this hits the mailing list twice. I ended up signing up for the user mailing list this morning with a '+' in my e-mail address only to realize shortly after signing up and sending the e-mail to the mailing list that there was no '+' in my actual e-mail address and thus it might not work. I waited the day to see if my question hit the mailing list. It appears to not have, so I unsubscribed, and re-subscribed with my proper e-mail address. So, sorry if my question hits twice. Hopefully it won't. I apologize in advance though if it does.

I was wondering if anyone could help or give me some pointers. I am trying to set up a pptpd server for the first time and I am fairly new to Shorewall. I have set up pptpd and Shorewall such that I can connect to the pptpd server successfully, however I am having two issues:

1) I cannot ping other connected devices to the pptpd network (not that important)
2) I cannot access the internet once connected to the pptpd server

Strangely/incidentally, I can only connect to pptpd when Shorewall is running.

In general, I am not sure if I have a pptp configuration problem, or a Shorewall problem. As I am new to Shorewall, I was hoping that someone could verify if my setup looks correct/sane. I have gotten very confused from reading all the online tutorials/how-tos out there, which all seem to recommend something slightly different. I have based a lot of my configuration off of http://www.shorewall.net/PPTP.htm plus other walkthroughs I have found, plus the Shorewall configuration and my terrible understanding of it.

My general setup is a server with one ethernet connection and a static IP, eth0 (IP is say 17.17.17.17). I think that the interface/policy is correct. I am less certain of my masq, DNAT rules, and tunnel file.

PPTPD CONFIGURATION

For the pptpd.conf file I have:

localip 192.168.123.1
remoteip 192.168.123.234-238,192.168.123.245

In my /etc/ppp/options.pptp file I have

# Google DNS
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp

SHOREWALL CONFIGURATION

/etc/shorewall/interfaces

#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags
vpn     ppp+

/etc/shorewall/masq

#INTERFACE:DEST   SOURCE             ADDRESS   PROTO   PORT(S)   IPSEC   MARK   USER/
#                                                                              GROUP
ppp+              192.168.123.0/24
## Not 100% sure if the above is needed

/etc/shorewall/policy

###############################################################################
#SOURCE   DEST   POLICY   LOG     LIMIT:   CONNLIMIT:
#                         LEVEL   BURST    MASK
$FW       net    ACCEPT
$FW       vpn    ACCEPT
vpn       net    ACCEPT
vpn       $FW    ACCEPT
net       all    DROP     info
all       all    REJECT   info

/etc/shorewall/rules

####################################################################################################################################################################
#ACTION        SOURCE   DEST              PROTO   DEST   SOURCE    ORIGINAL   RATE    USER/   MARK   CONNLIMIT   TIME   HEADERS
#                                                 PORT   PORT(S)   DEST       LIMIT   GROUP
#SECTION ESTABLISHED
#SECTION RELATED
#SECTION NEW
SSH/ACCEPT     net      $FW
HTTP/ACCEPT    net      $FW
HTTPS/ACCEPT   net      $FW
# PPTP
DNAT           net      vpn:17.17.17.17   tcp     1723
DNAT           net      vpn:17.17.17.17   47

/etc/shorewall/tunnels

###############################################################################
#TYPE        ZONE   GATEWAY     GATEWAY
#                               ZONE
pptpserver   net    0.0.0.0/0

/etc/shorewall/zones

###############################################################################
#ZONE   TYPE       OPTIONS   IN        OUT
#                            OPTIONS   OPTIONS
fw      firewall
net     ipv4
vpn     ipv4

I have also enabled net.ipv4.ip_forward=1 in my sysctl.conf

Any direction would be appreciated. Right now I am primarily trying to rule out whether or not this is an issue with my Shorewall config or pptpd config.

Thanks
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
