sorry to hear you have been under the weather. hope you get well soon!
On 3/27/2015 1:17 PM, Tom Eastep wrote:
On 3/27/2015 6:14 AM, Thomas Winkler wrote:Hello, @ Ahmed : I used your latest rule but still it doesn't work. This is the iptables LOG output after running shorewall with your rule added : INPUT:DROP:IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.70.85 DST=192.168.70.19 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=14365 DF PROTO=TCP SPT=51191 DPT=1194 WINDOW=8192 RES=0x00 SYN URGP=0 So the iptable is still dropping the VPN client's initial connection request on port 1194. @ Angela : I am using TCP so I added 'tcp' in tunnels but as above mentioned the VPN client can't connect to the openvpn server ( iptables shows same DROP behavior as above mentioned). This is my configuration : interfaces:vpn tun+ policy:loc vpn ACCEPT policy:vpn fw ACCEPT policy:vpn net ACCEPT policy:vpn loc ACCEPT tunnels:openvpnserver:tcp:1194 net 0.0.0.0/0 zones:vpn ipv4 As shorewall also doesn't generate the shorewall.log file, I begin to believe that my Debian Wheezy ARM shorewall version might have some errors ?The clue here is that the packet is being dropped in the INPUT chain -- see Shorewall FAQ 17. If that doesn't help, then please follow Angela's latest advise. Thanks, -Tom PS to the list -- I've been ill the last week, but am slowly beginning to bet back to normal. ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
--
'''
(O O)
,-------------- oOO-(_)-OOo -------------,
| Stephen Williams |
| Manager of Computer Services |
| Center for Space Research |
| University of Texas at Austin |
| 3925 W. Braker Ln., Suite 200 |
| Austin, TX 78759-5321 |
| 512.471.7235 512.471.3570 (fax) |
| [email protected] |
|____________________ Oooo ______________|
oooO ( )
( ) ) /
\ ( (_/
\_)
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
