Re: [Shorewall-users] FW: DNAT Protocol 47

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello I'm not an expert, but your dump shows in Modules:
> Modules
> *
> **ip_gre                  9575  0*
> ip_set                 30977  1 xt_set
> iptable_filter          2793  1
> iptable_mangle          3349  1
> iptable_nat             6051  1
> iptable_raw             2264  0
> ip_tables              17831  4 
> iptable_raw,iptable_nat,iptable_mangle,iptable_filter
> ipt_addrtype            2153  5
> ipt_ah                  1247  0
> ipt_CLUSTERIP           6796  0
> ipt_ecn                 1507  0
> ipt_ECN                 1955  0
> ipt_LOG                 5845  7
> ipt_MASQUERADE          2466  3
> ipt_NETMAP              1832  0
> ipt_REDIRECT            1840  0
> ipt_REJECT              2351  4
> ipt_ULOG               10765  0
> *ip_tunnel              12693  1 ip_gre*
My 'rules' file shows a :
> GRE/ACCEPT
line.

Hope this helps.
Nicolas

On 16/12/2014 20:45, Gary Phillips wrote:
>   I have used various versions of shorewall on older Linux servers with great success.
>   I have recently replaced one of our old servers with CentOS 6.6 and installed Shorewall 4.5.4 from the epel repo.
>   Please find attached the Shorewall dump file as requested on your support page
>
> When I try and use a DNAT rule to forward pptp traffic to a Microsoft ras server (which was working in a previous version) The client connects and authenticates on port 1723 and a VPN session is established but no protocol 47 traffic is recorded by Shorewall  and I am unable to communicate with any computers on the local network.
>
> Client source ip (in the dump) 85.255.233.8
>
> Shorewall server eth0 (net) 157.228.196.187
> Shorewall server eth1 (loc) 10.1.0.6
>
> Microsoft RAS server 10.1.0.10
>
> I have also opened the L2TP ports but the same happens, I connect and authenticate but no traffic is send over protocol 50
>
> Any help would be greatly appreciated
>   Gary
>