I think I am doing something wrong.
I will try to explain my conf again (sorry about my English).

My box has shorewall installed with 2 ADSL and pptpd

ppp0 - ADSL connection (I use this only for VoIP). This is on eth1
ppp1 - ADSL connection. Internet traffic. This is on eth2
eth0 - LAN - 192.168.10.0/24

IFCONFIG
----------------
eth0      Link encap:Ethernet  HWaddr 00:14:85:AB:93:84
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 90:F6:52:03:A0:B6
          inet6 addr: fe80::92f6:52ff:fe03:a0b6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:01:02:E8:6D:6F
          inet6 addr: fe80::201:2ff:fee8:6d6f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0      Link encap:Point-to-Point Protocol
          inet addr:186.48.234.250  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp1      Link encap:Point-to-Point Protocol
          inet addr:186.48.226.199  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp2      Link encap:Point-to-Point Protocol
          inet addr:192.168.10.80  P-t-P:192.168.10.90  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1

PPTPD CONF
--------------------
localip 192.168.10.80-89
remoteip 192.168.10.90-99


SHOREWALL CONF
---------------------------------

interfaces
=======
FORMAT 2
###############################################################################
#ZONE           INTERFACE               OPTIONS
loc             eth0
net             ppp0
net             ppp1
vpn             ppp2                     routeback



zones
=====
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4


masq
====
#INTERFACE:DEST         SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK    USER/   SWITCH
#                                                                                       GROUP

eth0                    192.168.10.0/24
ppp1                    192.168.10.0/24
ppp0                    192.168.10.0/24
ppp2                    192.168.10.0/24

rules
====
#VPN
ACCEPT          net             $FW     tcp     1723
ACCEPT          vpn             $FW     tcp     22
ACCEPT          vpn             net       tcp     http,https,53
ACCEPT          vpn             net       udp     53
ACCEPT          vpn             net       icmp    echo-request
ACCEPT          vpn             loc        all

tunnels
=====

#TYPE                   ZONE    GATEWAY(S)                      GATEWAY
#                                                               ZONE(S)
pptpserver      net              0.0.0.0/0



I can access every server in my LAN, but there is no outside traffic.

For example, I get this when I ping, but with 100% loss:
Sep  7 10:31:06 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0
SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=63
ID=48597 PROTO=ICMP TYPE=8 CODE=0 ID=152 SEQ=457
Sep  7 10:31:07 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0
SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=1 ID=1268
PROTO=ICMP TYPE=8 CODE=0 ID=172 SEQ=2272


Thanks


On Thu, Sep 6, 2012 at 6:45 PM, Gábor Majoros <[email protected]> wrote:

> Try the masq line I sent.
>
> Sorry, for me that was the trick. Just did not realize...
>
> On 6 September 2012 22:40, Nico Pagliaro <[email protected]> wrote:
>
>> I tried it with no luck
>>
>> On Thursday, September 6, 2012, Tom Eastep wrote:
>>
>> On 9/6/12 12:12 PM, Nico Pagliaro wrote:
>>> > the same
>>> > i have this in the log
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=9 ID=28511 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2194
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=10 ID=629 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2195
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=11 ID=30775 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2196
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=12 ID=13589 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2197
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=13 ID=23363 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2198
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=14 ID=29285 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2199
>>> > Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=15 ID=40304 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2200
>>> > Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=16 ID=25355 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2201
>>> > Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=17 ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202
>>>
>>> You need the 'routeback' option on the ppp+ entry in
>>> /etc/shorewall/interfaces.
>>>
>>> -Tom
>>> --
>>> Tom Eastep        \ When I die, I want to go like my Grandfather who
>>> Shoreline,         \ died peacefully in his sleep. Not screaming like
>>> Washington, USA     \ all of the passengers in his car
>>> http://shorewall.net \________________________________________________
>>>
>>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>
>