I FOUND IT!!!
I forgot the COPY in the providers!!!
Thanks for everything
Now the providers is like this:
#NAME     NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY  OPTIONS  COPY
voip      1       1     main       ppp0       detect   track    eth0,ppp2
internet  2       2     main       ppp1       detect   track    eth0,ppp2
On Fri, Sep 7, 2012 at 9:45 AM, Nico Pagliaro <[email protected]> wrote:
> I think I am doing something wrong.
> I will try to explain my conf again (sorry about my English)
>
> My box has shorewall installed with 2 ADSL and pptpd
>
> ppp0 - ADSL connection (I use this only for VoIP). this is in eth1
> ppp1 - ADSL connection. Internet Traffic. This is in eth2
> eth0 - LAN - 192.168.10.0/24
>
> IFCONFIG
> ----------------
> eth0 Link encap:Ethernet HWaddr 00:14:85:AB:93:84
> inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
>
> eth1 Link encap:Ethernet HWaddr 90:F6:52:03:A0:B6
> inet6 addr: fe80::92f6:52ff:fe03:a0b6/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> eth2 Link encap:Ethernet HWaddr 00:01:02:E8:6D:6F
> inet6 addr: fe80::201:2ff:fee8:6d6f/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:186.48.234.250 P-t-P:200.40.21.7 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
>
> ppp1 Link encap:Point-to-Point Protocol
> inet addr:186.48.226.199 P-t-P:200.40.21.7 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
>
> ppp2 Link encap:Point-to-Point Protocol
> inet addr:192.168.10.80 P-t-P:192.168.10.90 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
>
> PPTPD CONF
> --------------------
> localip 192.168.10.80-89
> remoteip 192.168.10.90-99
>
>
> SHOREWALL CONF
> ---------------------------------
>
> interfaces
> =======
> FORMAT 2
>
> ###############################################################################
> #ZONE INTERFACE OPTIONS
> loc eth0
> net ppp0
> net ppp1
> vpn ppp2 routeback
>
>
>
> zones
> =====
> #ZONE TYPE OPTIONS IN OUT
> # OPTIONS OPTIONS
> fw firewall
> net ipv4
> loc ipv4
> vpn ipv4
>
>
> masq
> ====
> #INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH
> #                                                       GROUP
>
> eth0 192.168.10.0/24
> ppp1 192.168.10.0/24
> ppp0 192.168.10.0/24
> ppp2 192.168.10.0/24
>
> rules
> ====
> #VPN
> ACCEPT net $FW tcp 1723
> ACCEPT vpn $FW tcp 22
> ACCEPT vpn net tcp http,https,53
> ACCEPT vpn net udp 53
> ACCEPT vpn net icmp echo-request
> ACCEPT vpn loc all
>
> tunnels
> =====
>
> #TYPE ZONE GATEWAY(S) GATEWAY
> # ZONE(S)
> pptpserver net 0.0.0.0/0
>
>
>
> I can access every server in my LAN, but no outside traffic
>
> For example I have this when I am doing PING, but LOSS 100%
> Sep 7 10:31:06 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=48597 PROTO=ICMP TYPE=8 CODE=0 ID=152 SEQ=457
> Sep 7 10:31:07 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=1 ID=1268 PROTO=ICMP TYPE=8 CODE=0 ID=172 SEQ=2272
>
>
> Thanks
>
>
> On Thu, Sep 6, 2012 at 6:45 PM, Gábor Majoros <[email protected]> wrote:
>
>> Try the masq line I sent.
>>
>> Sorry for me that was the trick. Just did not realize...
>>
>> On 6 September 2012 22:40, Nico Pagliaro <[email protected]> wrote:
>>
>>> I tried it with no luck
>>>
>>> On Thursday, September 6, 2012, Tom Eastep wrote:
>>>
>>> On 9/6/12 12:12 PM, Nico Pagliaro wrote:
>>>> > the same
>>>> > I have this in the log
>>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
>>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=9 ID=28511 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2194
>>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=10 ID=629 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2195
>>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=11 ID=30775 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2196
>>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=12 ID=13589 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2197
>>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=13 ID=23363 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2198
>>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=14 ID=29285 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2199
>>>> > Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=15 ID=40304 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2200
>>>> > Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=16 ID=25355 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2201
>>>> > Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=17 ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202
>>>>
>>>> You need the 'routeback' option on the ppp+ entry in
>>>> /etc/shorewall/interfaces.
>>>>
>>>> -Tom
>>>> --
>>>> Tom Eastep \ When I die, I want to go like my Grandfather who
>>>> Shoreline, \ died peacefully in his sleep. Not screaming like
>>>> Washington, USA \ all of the passengers in his car
>>>> http://shorewall.net \________________________________________________
>>>>
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond. Discussions
>>> will include endpoint security, mobile security and the latest in malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> Shorewall-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
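
Added example, not part of the original thread and not Shorewall's own code: a small lint for the fix reported at the top of this thread. When DUPLICATE is set, the COPY column limits which routes are copied into a provider's routing table to those through INTERFACE and the listed interfaces, so this check flags local interfaces (here the PPTP interface ppp2) that are missing from COPY. The function names and the "before" providers file are constructed for illustration.

```python
from fnmatch import fnmatch

def rows(text):
    """Split a Shorewall config file into column lists, dropping comments,
    blank lines and FORMAT / ?directive lines."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(("FORMAT", "?")):
            out.append(line.split())
    return out

def missing_from_copy(providers_text, interfaces_text):
    """Return {provider: [local interfaces absent from its COPY list]}."""
    providers = [r + ["-"] * (8 - len(r)) for r in rows(providers_text)]
    uplinks = {p[4].split(":")[0] for p in providers}
    local = {r[1].split(":")[0] for r in rows(interfaces_text) if len(r) > 1}
    local -= uplinks                      # provider interfaces are always copied
    findings = {}
    for name, _num, _mark, duplicate, _iface, _gw, _opts, copy in (p[:8] for p in providers):
        # Assumption: with DUPLICATE unset nothing is copied, and with COPY
        # empty the whole DUPLICATE table is copied; neither case is linted.
        if duplicate == "-" or copy == "-":
            continue
        patterns = [] if copy == "none" else copy.split(",")   # COPY allows '*' wildcards
        missing = sorted(i for i in local
                         if not any(fnmatch(i, pat) for pat in patterns))
        if missing:
            findings[name] = missing
    return findings

# Constructed "before" state: COPY lists only the LAN interface.
PROVIDERS_BEFORE = """#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
voip     1 1 main ppp0 detect track eth0
internet 2 2 main ppp1 detect track eth0
"""
# The providers file as posted at the top of the thread.
PROVIDERS_FIXED = PROVIDERS_BEFORE.replace("track eth0", "track eth0,ppp2")
# The interfaces file as posted in the thread.
INTERFACES = """FORMAT 2
#ZONE INTERFACE OPTIONS
loc eth0
net ppp0
net ppp1
vpn ppp2 routeback
"""

if __name__ == "__main__":
    print("before:", missing_from_copy(PROVIDERS_BEFORE, INTERFACES))
    print("fixed: ", missing_from_copy(PROVIDERS_FIXED, INTERFACES))
```

On a live firewall the same condition shows up as no route through ppp2 in the output of "ip route show table voip".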