Hi,

Might be wrong, but add a zone also to tunnels?

tunnels
#TYPE                   ZONE    GATEWAY(S)                      GATEWAY
#                                                               ZONE(S)
pptpserver      net              0.0.0.0/0



On 6 September 2012 18:58, Nico Pagliaro <[email protected]> wrote:

> I have this in my log
> Sep  6 15:42:17 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp1
> SRC=192.168.10.90 DST=200.40.30.245 LEN=70 TOS=0x00 PREC=0x00 TTL=254
> ID=34532 PROTO=UDP SPT=54024 DPT=53 LEN=50
>
>
> ppp2 =  pptp
> ppp1 is one of my adsl
>
>
> On Thu, Sep 6, 2012 at 12:53 PM, Nico Pagliaro <[email protected]> wrote:
>
>> Hi everybody, I am having this problem
>>
>> I have 2 adsl in my firewall
>> adsl1 - eth1
>> adsl2 - eth2
>> lan - eth0 192.168.10.0/24
>>
>> and shorewall
>>
>> Now I have installed pptpd in my firewall and it works
>> My client connects without problem and can access local servers, also I
>> can ssh to my FW
>>
>> The problem is that once connected to the vpn they can not access
>> internet.
>> here is my conf:
>>
>> etc/pptpd.conf
>> -------------------
>> option /etc/ppp/options.pptpd
>> logwtmp
>> localip 192.168.10.80-89
>> remoteip 192.168.10.90-99
>>
>>
>> Shorewall
>> ----------
>> interfaces
>> #ZONE           INTERFACE               OPTIONS
>> loc     eth0
>> net     ppp0
>> net     ppp1
>> vpn     ppp+
>>
>>
>> zones
>> #ZONE   TYPE            OPTIONS         IN                      OUT
>> #                                       OPTIONS                 OPTIONS
>> fw      firewall
>> net     ipv4
>> loc     ipv4
>> vpn     ipv4
>>
>> rules
>> #VPN
>> ACCEPT          net             $FW     tcp     1723
>> ACCEPT          vpn             $FW     tcp     22
>> ACCEPT          vpn             net     tcp     http,https
>> ACCEPT          vpn             net     udp     53
>>
>>
>> tunnels
>> #TYPE                   ZONE    GATEWAY(S)                      GATEWAY
>> #                                                               ZONE(S)
>> pptpserver      net              0.0.0.0/0
>>
>>
>>
>> masq
>> #INTERFACE:DEST         SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK    USER/   SWITCH
>> #                                                                                       GROUP
>> ppp1                    192.168.10.0/24
>> ppp0                    192.168.10.0/24
>> ppp+                    192.168.10.0/24
>>
>>
>> I don't know what I am doing wrong.
>>
>> Any idea?
>>
>> Really thanks
>>
>>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>