Ok, I found out the following:
PPTP Client from the LAN to a remote side needs NO modules loaded, which means: If the modules: nf_nat_pptp nf_nat_proto_gre nf_conntrack_pptp nf_conntrack_proto_gre are NOT loaded, everything works like expected. There are NO rules needed. However, how can I prevent shorewall from loading these modules? I did the following: - copied "helpers" to /etc/shorewall AND commented out the modules - set strongwall.conf "AUTOHELPERS" to "No" - set strongwall.conf "LOAD_HELPERS_ONLY" to "Yes" - set strongwall.conf "HELPERS" to "" However, the modules are still loaded. There are no rules, which may autoload them involved. Any clues? Thanks, Tarqi -----Original Message----- From: Tom Eastep [mailto:[email protected]] Sent: Wednesday, September 19, 2012 6:37 PM To: [email protected] Subject: Re: [Shorewall-users] GRE blocked on Masq PPTP On 09/19/2012 05:20 AM, Nico Pagliaro wrote: > Tom, the tunnels file doesnt work here? > The tunnels file only applies when a VPN endpoint is on the firewall itself. As I understood the problem, the VPN client is in the local network and the server is remote. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ---------------------------------------------------------------------------- -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Got visibility? Most devs has no idea what their production app looks like. Find out how fast your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219671;13503038;y? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
