:D

How sweet if you figure it out on your own, hey? :)

On 7 September 2012 14:15, Nico Pagliaro <[email protected]> wrote:

> I FOUND IT!!!
> I forgot to COPY in the providers!!!
> Thanks for everything
> Now the providers is like this:
>
> #NAME      NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY  OPTIONS  COPY
> voip       1       1     main       ppp0       detect   track    eth0,ppp2
> internet   2       2     main       ppp1       detect   track    eth0,ppp2
>
> On Fri, Sep 7, 2012 at 9:45 AM, Nico Pagliaro <[email protected]> wrote:
>
>> I think I am doing something wrong.
>> I will try to explain my conf again (sorry about my English)
>>
>> My box has shorewall installed with 2 ADSL and pptpd
>>
>> ppp0 - ADSL connection (I use this only for VoIP). this is in eth1
>> ppp1 - ADSL connection. Internet Traffic. This is in eth2
>> eth0 - LAN - 192.168.10.0/24
>>
>> IFCONFIG
>> ----------------
>> eth0      Link encap:Ethernet  HWaddr 00:14:85:AB:93:84
>>           inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
>>
>> eth1      Link encap:Ethernet  HWaddr 90:F6:52:03:A0:B6
>>           inet6 addr: fe80::92f6:52ff:fe03:a0b6/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>
>> eth2      Link encap:Ethernet  HWaddr 00:01:02:E8:6D:6F
>>           inet6 addr: fe80::201:2ff:fee8:6d6f/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>
>> ppp0      Link encap:Point-to-Point Protocol
>>           inet addr:186.48.234.250  P-t-P:200.40.21.7 Mask:255.255.255.255
>>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
>>
>> ppp1      Link encap:Point-to-Point Protocol
>>           inet addr:186.48.226.199  P-t-P:200.40.21.7 Mask:255.255.255.255
>>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
>>
>> ppp2      Link encap:Point-to-Point Protocol
>>           inet addr:192.168.10.80  P-t-P:192.168.10.90  Mask:255.255.255.255
>>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1
>>
>> PPTPD CONF
>> --------------------
>> localip 192.168.10.80-89
>> remoteip 192.168.10.90-99
>>
>>
>> SHOREWALL CONF
>> ---------------------------------
>>
>> interfaces
>> =======
>> FORMAT 2
>>
>> ###############################################################################
>> #ZONE           INTERFACE               OPTIONS
>> loc             eth0
>> net             ppp0
>> net             ppp1
>> vpn             ppp2                     routeback
>>
>>
>>
>> zones
>> =====
>> #ZONE   TYPE            OPTIONS         IN                      OUT
>> #                                       OPTIONS                 OPTIONS
>> fw      firewall
>> net     ipv4
>> loc     ipv4
>> vpn     ipv4
>>
>>
>> masq
>> ====
>> #INTERFACE:DEST         SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK    USER/   SWITCH
>> #                                                                                       GROUP
>>
>> eth0                    192.168.10.0/24
>> ppp1                    192.168.10.0/24
>> ppp0                    192.168.10.0/24
>> ppp2                    192.168.10.0/24
>>
>> rules
>> ====
>> #VPN
>> ACCEPT          net             $FW     tcp     1723
>> ACCEPT          vpn             $FW     tcp     22
>> ACCEPT          vpn             net       tcp     http,https,53
>> ACCEPT          vpn             net       udp     53
>> ACCEPT          vpn             net       icmp    echo-request
>> ACCEPT          vpn             loc        all
>>
>> tunnels
>> =====
>>
>> #TYPE                   ZONE    GATEWAY(S)                      GATEWAY
>> #                                                               ZONE(S)
>> pptpserver      net              0.0.0.0/0
>>
>>
>>
>> I can access every server in my LAN, but no outside traffic
>>
>> For example I have this when I am doing PING, but LOSS 100%
>> Sep  7 10:31:06 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=48597 PROTO=ICMP TYPE=8 CODE=0 ID=152 SEQ=457
>> Sep  7 10:31:07 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=1 ID=1268 PROTO=ICMP TYPE=8 CODE=0 ID=172 SEQ=2272
>>
>>
>> Thanks
>>
>>
>> On Thu, Sep 6, 2012 at 6:45 PM, Gábor Majoros <[email protected]> wrote:
>>
>>> Try the masq line I sent.
>>>
>>> Sorry for me that was the trick. Just did not realize...
>>>
>>> On 6 September 2012 22:40, Nico Pagliaro <[email protected]> wrote:
>>>
>>>> I tried it with no luck
>>>>
>>>> On Thursday, 6 September 2012, Tom Eastep wrote:
>>>>
>>>> On 9/6/12 12:12 PM, Nico Pagliaro wrote:
>>>>> > the same
>>>>> > i have this in the log
>>>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
>>>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=9 ID=28511 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2194
>>>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=10 ID=629 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2195
>>>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=11 ID=30775 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2196
>>>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=12 ID=13589 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2197
>>>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=13 ID=23363 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2198
>>>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=14 ID=29285 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2199
>>>>> > Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=15 ID=40304 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2200
>>>>> > Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=16 ID=25355 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2201
>>>>> > Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=17 ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202
>>>>>
>>>>> You need the 'routeback' option on the ppp+ entry in
>>>>> /etc/shorewall/interfaces.
>>>>>
>>>>> -Tom
>>>>> --
>>>>> Tom Eastep        \ When I die, I want to go like my Grandfather who
>>>>> Shoreline,         \ died peacefully in his sleep. Not screaming like
>>>>> Washington, USA     \ all of the passengers in his car
>>>>> http://shorewall.net \________________________________________________
>>>>>
>>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Live Security Virtual Conference
>>>> Exclusive live event will cover all the ways today's security and
>>>> threat landscape has changed and how IT managers can respond.
>>>> Discussions
>>>> will include endpoint security, mobile security and the latest in
>>>> malware
>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>> _______________________________________________
>>>> Shorewall-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>>>
>>>>
>>>
>>>
>>
>
>
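Added example, not part of the original thread and not Shorewall's own code: a small check for the fix reported above, where the providers COPY column has to list the PPTP interface as well as the LAN interface. It assumes the shorewall-providers(5) behaviour that a non-empty COPY column limits the routes duplicated into a provider's table to the provider's own interface plus the interfaces listed; the function names and the `BEFORE` file are constructed for illustration, since the thread does not show the original providers file.

```python
from fnmatch import fnmatchcase

COLUMNS = ("NAME", "NUMBER", "MARK", "DUPLICATE",
           "INTERFACE", "GATEWAY", "OPTIONS", "COPY")


def parse_providers(text):
    """Parse providers-file text into one dict per provider line."""
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        fields += ["-"] * (len(COLUMNS) - len(fields))  # omitted trailing columns
        rows.append(dict(zip(COLUMNS, fields)))
    return rows


def interfaces_missing_from_copy(rows, needed):
    """Map provider name -> interfaces in `needed` whose routes are not copied."""
    report = {}
    for row in rows:
        if row["DUPLICATE"] == "-" or row["COPY"] == "-":
            continue  # nothing duplicated, or no COPY restriction: out of scope
        patterns = [] if row["COPY"] == "none" else row["COPY"].split(",")
        patterns.append(row["INTERFACE"])  # assumed: own interface is always copied
        missing = [i for i in needed
                   if not any(fnmatchcase(i, p) for p in patterns)]
        if missing:
            report[row["NAME"]] = missing
    return report


# Constructed "before" file: COPY lists eth0 but not the PPTP interface ppp2.
BEFORE = """\
#NAME    NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
voip     1      1    main      ppp0      detect  track   eth0
internet 2      2    main      ppp1      detect  track   eth0
"""
# Same file with the COPY value from the working configuration in the thread.
AFTER = BEFORE.replace("track   eth0", "track   eth0,ppp2")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        rows = parse_providers(text)
        print(label, interfaces_missing_from_copy(rows, ["eth0", "ppp2"]))
```

An interface reported as missing has no route in that provider's table, so replies that are routed through that table cannot be delivered back to hosts behind it.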