Strange,
I remember that did not work for me.
Checked and still does not work... (commented for the test my masq line)
And realized my solution was
/etc/shorewall/masq
#INTERFACE SOURCE ADDRESS PROTO PORT(S)
IPSEC $
eth0 10.10.0.0/24 (vpn users range)
however google, gmail, etc works, but some www sites do not (most is https,
but use gmail also via https only)
You meant like this I suppose :
#ZONE INTERFACE BROADCAST OPTIONS
loc ppp+ - routeback
On 6 September 2012 22:21, Tom Eastep <[email protected]> wrote:
> On 9/6/12 12:12 PM, Nico Pagliaro wrote:
> > the same
> > i have this in the log
> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=9 ID=28511 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2194
> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=10 ID=629 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2195
> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=11 ID=30775 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2196
> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=12 ID=13589 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2197
> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=13 ID=23363 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2198
> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=14 ID=29285 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2199
> > Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=15 ID=40304 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2200
> > Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=16 ID=25355 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2201
> > Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
> > TTL=17 ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202
>
> You need the 'routeback' option on the ppp+ entry in
> /etc/shorewall/interfaces.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
