But ppgrp was replaced with vpn, right? As it's your ppp+ if.


On 6 September 2012 20:12, Nico Pagliaro <[email protected]> wrote:

> The same.
> I have this in the log:
> Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8
> ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
> Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=9
> ID=28511 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2194
> Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=10
> ID=629 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2195
> Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=11
> ID=30775 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2196
> Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=12
> ID=13589 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2197
> Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=13
> ID=23363 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2198
> Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=14
> ID=29285 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2199
> Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=15
> ID=40304 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2200
> Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=16
> ID=25355 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2201
> Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0
> SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=17
> ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202
>
>
> ppp2 = pptp
> ppp0 adsl1
> 192.168.10.90 is me outside connected to the vpn
>
>
> On Thu, Sep 6, 2012 at 4:01 PM, DanyD <[email protected]> wrote:
>
>>  See HINT comment
>>
>> Bogdan T.
>>
>> SysAdmin
>> tbogdan<.a|t.>direkt.ro
>> ----------------------------
>> www.direkt.ro
>> www.first-car.ro
>>
>>
>>
>> On 06-09-12 6:53 PM, Nico Pagliaro wrote:
>>
>> Hi everybody, I am having this problem
>>
>>  I have 2 adsl in my firewall
>> adsl1 - eth1
>> ads2 - eth2
>> lan - eth0 192.168.10.0/24
>>
>>  and shorewall
>>
>>  Now I have installed pptpd in my firewall and it works.
>> My client connects without problem and can access local servers; also I
>> can ssh to my FW.
>>
>>  The problem is that once connected to the vpn they can not access
>> internet.
>> here is my conf:
>>
>>  etc/pptpd.conf
>> -------------------
>>  option /etc/ppp/options.pptpd
>>  logwtmp
>>  localip 192.168.10.80-89
>> remoteip 192.168.10.90-99
>>
>>
>>  Shorewall
>> ----------
>> interfaces
>>  #ZONE           INTERFACE               OPTIONS
>> loc     eth0
>> net     ppp0
>> net     ppp1
>> vpn     ppp+
>>
>>
>>  *HINT*
>> you can make also something like this
>>
>> loc    ppp+
>> as replacement for
>> vpn  ppp+
>>
>>
>>  zones
>>  #ZONE   TYPE            OPTIONS         IN                      OUT
>> #                                       OPTIONS                 OPTIONS
>> fw      firewall
>> net     ipv4
>> loc     ipv4
>> vpn     ipv4
>>
>>  rules
>>  #VPN
>> ACCEPT          net             $FW     tcp     1723
>>  ACCEPT          vpn             $FW     tcp     22
>> ACCEPT          vpn             net     tcp     http,https
>> ACCEPT          vpn             net     udp     53
>>
>>
>>  tunnels
>>  #TYPE                   ZONE    GATEWAY(S)                      GATEWAY
>> #                                                               ZONE(S)
>> pptpserver      net              0.0.0.0/0
>>
>>
>>
>>  masq
>>  #INTERFACE:DEST         SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK    USER/   SWITCH
>> #                                                                                       GROUP
>>
>>
>>  ppp1                    192.168.10.0/24
>> ppp0                    192.168.10.0/24
>> ppp+                    192.168.10.0/24
>>
>>
>>  I don't know what I am doing wrong.
>>
>>  Any idea?
>>
>>  Really thanks
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>
>>
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
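An added example, not part of the original thread: a small parser for the Shorewall kernel log lines quoted above that groups drops by chain and interface pair and lists which `interfaces` entries match both IN and OUT (a trailing `+` is a wildcard matching any interface name with that prefix). The sample log is constructed from two of the quoted entries with the mail line-wrapping removed; the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: two entries from the thread's log, unwrapped onto one line each.
SAMPLE_LOG = (
    "Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 "
    "SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8 "
    "ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193\n"
    "Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 "
    "SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=17 "
    "ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202\n"
)

# (zone, interface) pairs as listed in the interfaces file quoted in the thread.
INTERFACES = [("loc", "eth0"), ("net", "ppp0"), ("net", "ppp1"), ("vpn", "ppp+")]

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<fields>.*)$")

def parse_line(line):
    """Return a dict for one Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if sep:
            # ID= appears twice (IP ID, then ICMP echo id); keep the first.
            rec.setdefault(key, val)
    return rec

def matches(pattern, ifname):
    """Interface match with the trailing-'+' wildcard used by Shorewall/iptables."""
    if pattern.endswith("+"):
        return ifname.startswith(pattern[:-1])
    return pattern == ifname

def summarize(log_text, interfaces=INTERFACES):
    """Count drops per (chain, action, IN, OUT) and list entries matching both ends."""
    flows = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            flows[(rec["chain"], rec["action"], rec.get("IN", ""), rec.get("OUT", ""))] += 1
    return [
        {"chain": c, "action": a, "in": i, "out": o, "count": n,
         "shared_entries": [p for _, p in interfaces if matches(p, i) and matches(p, o)]}
        for (c, a, i, o), n in flows.items()
    ]
```
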