On 12/16/2014 1:45 AM, Gary Phillips wrote: > > I have used various versions of shorewall on older Linux servers with great > success. > I have recently replaced one of our old servers with CentOS 6.6 and > installed Shorewall 4.5.4 from the epel repo. > Please find attached the Shorewall dump file as requested on your support > page > > When I try and use a DNAT rule to forward pptp traffic to a Microsoft ras > server (which was working in a previous version) The client connects and > authenticates on port 1723 and a VPN session is established but no protocol > 47 traffic is recorded by Shorewall and I am unable to communicate with any > computers on the local network. > > Client source ip (in the dump) 85.255.233.8 > > Shorewall server eth0 (net) 157.228.196.187 > Shorewall server eth1 (loc) 10.1.0.6 > > Microsoft RAS server 10.1.0.10 > > I have also opened the L2TP ports but the same happens, I connect and > authenticate but no traffic is send over protocol 50 > > Any help would be greatly appreciated
Using a packet sniffer, can you see proto 47 packets arriving on your net interface? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
