On 1/27/2015 6:44 AM, [email protected] wrote:
> Hello
>
> I have two machines connected over OpenVPN.
>
> I'm adding Shorewall protection to them both. I installed
>
> shorewall6-lite version
> 4.6.6.1
>
> yesterday on both machines.
>
> I have the firewalls working ok for normal internet traffic with servers,
> LANs, etc.
>
> But I'm stuck on a puzzle with the OpenVPN connection.
>
> The overall setup looks like this
>
> SVR1
> eth0 XX.XX.XX.XX
> 192.168.1.1
> tun0 10.1.1.1
>
> SVR2
> eth0 YY.YY.YY.YY
> tun0 10.1.1.2
> eth1 192.168.2.1
>
> With Shorewall in place, the VPN is up and I can ping VPN
> endpoint-to-endpoint in both directions. I.e. both of these work
>
> SVR1
> ping 10.1.1.2
>
> SVR2
> ping 10.1.1.1
>
> But when I ping lan-to-lan
>
> SVR1
> ping 192.168.2.7
>
> I get blocked on SVR2 with
>
> Jan 27 09:04:39 ganymede kernel: [663916.258385]
> shorewall:vpn2lan:REJECT IN=tun0 OUT=eth1 SRC=10.1.1.1 DST=192.168.2.7
> LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=15925 DF PROTO=ICMP TYPE=8 CODE=0
> ID=29216 SEQ=1
>
> It's failing on communication between 'vpn' and 'lan' zones according to the
> log on SVR2 with
>
> vpn2lan:REJECT
>
> Even though I have these in Shorewall rules
>
> Ping(ACCEPT) vpn lan
> Ping(ACCEPT) lan vpn
>
> This should be pretty simple and I probably did something obviously wrong but
> I don't see it yet.
>
> Any ideas please?

Please post the output of 'shorewall show vpn2lan'

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
