Hi List,
I recently switched to Shorewall, and it works like a charm (well...
nearly :)
However, there is a (minor) problem when using a pptp-client behind the
firewall.
Based on the two interface example, I'd like to use a (masq) client to connect
to a pptp-server outside:
Client (private net) -> { (private net) <-FW-> (public net) } -> Internet -> PPtP-server
Modules loaded:
nf_nat_pptp
nf_nat_proto_gre
nf_conntrack_pptp
nf_conntrack_proto_gre
The request went out, but the response (gre, 47) is blocked by the rule
"net2fw", so no connection is possible. If I manually add the rule for gre
(macro.GRE) in section "NEW", it works as expected.
So my question(s):
Is this really necessary, or am I missing something?
If this is needed, should the destination be "$FW", "loc" or "all"?
Thanks in advance,
Tarqi
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users