>> I am trying Shorewall as in my previous post, with aliases on eth1 loc
>> and 4
>> PPTP client VPNs.
>> The odd thing is when I enter one of the VPNs in interfaces such as vpn1
>> But if I enter the VPN in the hosts file Shorewall blocks the VPNs.
>> #ZONE HOST(S) OPTIONS
>> loc eth1:192.168.25.0/24
>> loctw eth1:192.168.50.0/24
>> locsa eth1:192.168.75.0/24
>> vpntw ppp+:!192.168.50.0/24
>> vpnsa ppp+:!192.168.75.0/24
>> #vpn3 ppp+:!192.168.3.0/24
>> net eth0 detect routefilter,norfc1918,tcpflags
>> - eth1 192.168.25.255,192.168.50.255,192.168.75.255
>> - ppp+
>> Now if I comment out vpnsa in hosts and enter vpnsa in interfaces it
>> (meaning the tunnel can talk :).
>> I cannot figure out what the trouble is.
> To fully debug this, please post the entire config, as tested. There are
> some finer points in the other files that may have an effect on what
> happens here (I'm thinking order of the zones). In your example above,
> it's hard to tell what the vlan/business/zone/interface relationship is.
> The more detail you provide, the clearer the picture becomes for the rest
> of us. Just to clarify, what did the entry in interfaces look like when it
> worked for you? This then needs to be taken in context with what is in
> the rest of your config at that point. If your "loctw" is using
> why exclude 192.168.50.0/24 from the "vpntw" zone? In this hosts file, we
> are defining what netblocks, on/or through an interface, belong to what
> Off the top of my head, I think the way "I might" do it would be:
> net eth0 detect routefilter,norfc1918,tcpflags
> - eth1 192.168.X.X,192.168.25.255,192.168.50.255,192.168.75.255
> - ppp+
> loc eth1:192.168.X.X/24
> biz1 eth1:192.168.50.0/24
> biz1 ppp+:192.168.50.0/24,<netblock of 'home' lan>
> biz2 eth1:192.168.75.0/24
> biz2 ppp+:192.168.75.0/24,<netblock of 'home' lan>
> biz3 you get the idea....
> #SOURCE DEST POLICY
> (at the top)
> biz3 biz3 ACCEPT
> biz2 biz2 ACCEPT
> biz1 biz1 ACCEPT
> (before the reject/drop policy)
> biz1 biz2 NONE
> biz2 biz1 NONE
> biz1 biz3 NONE
> biz3 biz1 NONE
> biz2 biz3 NONE
> biz3 biz2 NONE
> 192.168.X.X would be the primary ip address of the loc zone,
> unused by any bizX zones, that one is for your use only.
> Without the config files and the output of shorewall status,
> everything is just a guess.... Hope it helps.
I posted my config a minute ago. Hopefully it will show up; if not I will
repost. In the above example,
if I comment out biz2 ppp+:192.168.75.0/24,<netblock of
in the hosts file and enter "biz2" in interfaces instead of hosts I can
through the pptp tunnel.
With the entry in the hosts file I get this from /var/log/messages:
Jun 26 11:39:24 66-224-62-110 kernel: Shorewall:all2all:REJECT:IN=ppp0 OUT=
MAC= SRC=10.3.85.104 DST=188.8.131.52 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=15254
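As an added diagnostic example (not code from the thread or from Shorewall itself), this Python script parses the REJECT line above and reports which hosts-file zone, if any, claims the packet's inbound interface and source address. The hosts entries are constructed from the layout the reply suggests, with 192.168.25.0/24 assumed for the "<netblock of 'home' lan>" placeholder.

```python
import ipaddress
import re

# Constructed hosts entries in the reply's suggested layout (plain netblocks,
# no exclusions). 192.168.25.0/24 stands in for the "<netblock of 'home' lan>"
# placeholder; it is an assumed value, not one from the thread.
HOSTS_FILE = """\
#ZONE HOST(S)
loc   eth1:192.168.25.0/24
biz1  eth1:192.168.50.0/24
biz1  ppp+:192.168.50.0/24,192.168.25.0/24
biz2  eth1:192.168.75.0/24
biz2  ppp+:192.168.75.0/24,192.168.25.0/24
"""

# The REJECT line quoted from /var/log/messages in the thread.
LOG_LINE = ("Jun 26 11:39:24 66-224-62-110 kernel: Shorewall:all2all:REJECT:IN=ppp0 OUT= "
            "MAC= SRC=10.3.85.104 DST=188.8.131.52 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=15254")

def parse_hosts(text):
    """Return [(zone, interface_pattern, [ip_network, ...])] from hosts-file lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        zone, spec = line.split()[:2]
        iface, nets = spec.split(":", 1)
        entries.append((zone, iface, [ipaddress.ip_network(n) for n in nets.split(",")]))
    return entries

def iface_matches(pattern, name):
    """Shorewall wildcard: a trailing '+' matches any suffix, so ppp+ covers ppp0."""
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == name

def parse_log(line):
    """Extract chain, target and the KEY=VALUE fields from a Shorewall log line."""
    m = re.search(r"Shorewall:(?P<chain>[^:]+):(?P<target>[^:]+):", line)
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    return {"chain": m.group("chain"), "target": m.group("target"), **fields}

def source_zones(entries, log):
    """Zones whose hosts entry covers the packet's inbound interface and SRC address.
    An empty list means no zone claims the packet, so the catch-all policy applies."""
    src = ipaddress.ip_address(log["SRC"])
    return sorted({zone for zone, iface, nets in entries
                   if iface_matches(iface, log["IN"]) and any(src in net for net in nets)})
```

With these constructed entries the packet from 10.3.85.104 on ppp0 matches no zone, which is consistent with it landing in the all2all chain shown in the log; a source inside 192.168.75.0/24 on ppp0 would resolve to biz2.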