On 05/29/2012 05:32 AM, Nerijus Baliunas wrote:
Hello,

I have in /etc/shorewall/tunnels:

pptpserver net 78.60.246.96

I cannot connect from 78.60.246.96 to pptpd server running on my fw:

SRC=78.60.246.96 DST=88.x.x.x LEN=52 TOS=0x00 PREC=0x20 TTL=123 ID=28102 DF PROTO=TCP SPT=19807 DPT=1723 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1

# iptables -L -n |grep 78.60.246.96
ACCEPT 47 -- 78.60.246.96 0.0.0.0/0
ACCEPT 47 -- 0.0.0.0/0 78.60.246.96
ACCEPT tcp -- 0.0.0.0/0 78.60.246.96 tcp dpt:1723

Then I add to the rules file:

ACCEPT net:78.60.246.96 fw tcp 1723

# iptables -L -n |grep 78.60.246.96
ACCEPT 47 -- 78.60.246.96 0.0.0.0/0
ACCEPT 47 -- 0.0.0.0/0 78.60.246.96
ACCEPT tcp -- 0.0.0.0/0 78.60.246.96 tcp dpt:1723
ACCEPT tcp -- 78.60.246.96 0.0.0.0/0 tcp dpt:1723

And now I can connect.

shorewall 4.5.4.
The pptpserver tunnel type was actually being configured as a pptp client. Patch attached.
patch /usr/share/shorewall/Shorewall/Tunnels.pm < PPTP.patch

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Tunnels.pm b/Shorewall/Perl/Shorewall/Tunnels.pm index 218bbca..7fe7e3b 100644 --- a/Shorewall/Perl/Shorewall/Tunnels.pm +++ b/Shorewall/Perl/Shorewall/Tunnels.pm @@ -2,7 +2,6 @@ # Shorewall 4.4 -- /usr/share/shorewall/Shorewall/Tunnels.pm # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] -# # (c) 2007,2008,2009,2010,2011 - Tom Eastep ([email protected]) # # Complete documentation is available at http://shorewall.net @@ -126,9 +125,9 @@ sub setup_tunnels() { sub setup_pptp_server { my ($inchainref, $outchainref, $kind, $source, $dest ) = @_; - add_tunnel_rule $inchainref, p => 47, @$dest; - add_tunnel_rule $outchainref, p => 47, @$source; - add_tunnel_rule $inchainref, p => 'tcp --dport 1723', @$dest + add_tunnel_rule $inchainref, p => 47, @$source; + add_tunnel_rule $outchainref, p => 47, @$dest; + add_tunnel_rule $inchainref, p => 'tcp --dport 1723', @$source } sub setup_one_openvpn {
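Review bot: the removal of the bare "#" line between the GPL line and the copyright line in the file header (first hunk, @@ -2,7 +2,6 @@) is unrelated to the PPTP fix in the second hunk. Drop it from this patch or send it separately, so the fix can be applied and backported on its own.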
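Review bot: setup_pptp_server (second hunk, @@ -126,9 +125,9 @@) still carries no comment saying which of @$source and @$dest goes with $inchainref and which with $outchainref, and that pairing is exactly what the three changed add_tunnel_rule lines correct. A one-line comment above them stating the server-side pairing (protocol 47 and tcp --dport 1723 matched with @$source on the inbound chain, protocol 47 with @$dest on the outbound chain) would make the next client/server mix-up visible in review. The last add_tunnel_rule line is also left without a terminating semicolon; that is valid before the closing brace, but adding it avoids a syntax error when another rule is appended.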
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
