From: David O. <dol...@pl...> - 2004-07-16 11:53:51
I have managed to set up a bridged VPN with OpenVPN; now my only problem is that I can't get it working with Shorewall. Maybe I'm missing something obvious... Or maybe this is a bug fixed in a later version of Shorewall, or maybe it's something to do with iptables or how the kernel was compiled. Can someone please shed some light on this for me?

ALL THE DETAILS:

Bridging Script:

#!/bin/bash
modprobe tun
modprobe bridge

# create the two persistent tap devices OpenVPN will attach to
openvpn --mktun --dev tap0
openvpn --mktun --dev tap1

# build the bridge and enslave the LAN port and both taps to it
brctl addbr br0
brctl addif br0 eth2
brctl addif br0 tap0
brctl addif br0 tap1

# bridge ports carry no address of their own
ifconfig tap0 0.0.0.0 promisc up
ifconfig tap1 0.0.0.0 promisc up
ifconfig eth2 0.0.0.0 promisc up

# the bridge itself gets the LAN address
ifconfig br0 10.0.1.1 netmask 255.255.255.0 broadcast 10.0.0.255

Ifconfig Output:

br0       Link encap:Ethernet  HWaddr 00:FF:16:F5:63:DA
          inet addr:10.0.1.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2ff:16ff:fef5:63da/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6623 (6.4 KiB)  TX bytes:348 (348.0 b)

eth0      Link encap:Ethernet  HWaddr 00:08:A1:63:6C:F4
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::208:a1ff:fe63:6cf4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6911 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1991 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:735015 (717.7 KiB)  TX bytes:272759 (266.3 KiB)
          Interrupt:9 Base address:0xd800

eth1      Link encap:Ethernet  HWaddr 00:D0:B7:0C:36:C9
          inet addr:10.0.0.254  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2d0:b7ff:fe0c:36c9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3517 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2457 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:398326 (388.9 KiB)  TX bytes:343284 (335.2 KiB)
          Interrupt:11 Base address:0x3000

eth2      Link encap:Ethernet  HWaddr 00:D0:B7:0C:36:12
          inet addr:10.0.1.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2d0:b7ff:fe0c:3612/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5065 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:543773 (531.0 KiB)  TX bytes:1160 (1.1 KiB)
          Interrupt:10 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3086 (3.0 KiB)  TX bytes:3086 (3.0 KiB)

tap0      Link encap:Ethernet  HWaddr 00:FF:D9:4B:B3:D7
          inet6 addr: fe80::2ff:d9ff:fe4b:b3d7/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:4 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7379 (7.2 KiB)  TX bytes:0 (0.0 b)

tap1      Link encap:Ethernet  HWaddr 00:FF:16:F5:63:DA
          inet6 addr: fe80::2ff:16ff:fef5:63da/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:58 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Shorewall Config:

Zones:
#ZONE   DISPLAY   COMMENTS
vpn     VPN       VPN Network

Interfaces:
#ZONE   INTERFACE   BROADCAST    OPTIONS
-       br0         10.0.1.255

Hosts:
#ZONE   HOST(S)     OPTIONS
vpn     br0:eth2

The ERROR:

Processing /etc/shorewall/ecn...
Activating Rules...
iptables v1.2.9-20040409: host/network `eth2' not found
Try `iptables -h' or 'iptables --help' for more information.
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
Terminated

Debug of the ERROR:

+ interface1=br0
+ networks1=eth2
+ '[' eth0:0.0.0.0/0 '!=' br0:eth2 ']'
++ match_source_hosts 0.0.0.0/0
++ '[' -n '' ']'
++ echo -s 0.0.0.0/0
++ match_dest_hosts eth2
++ '[' -n '' ']'
++ echo -d eth2
+ run_iptables -A eth0_fwd -s 0.0.0.0/0 -o br0 -d eth2 -j net2all
+ '[' -n '' ']'
+ iptables -A eth0_fwd -s 0.0.0.0/0 -o br0 -d eth2 -j net2all    <--- ERROR HERE?
iptables v1.2.9-20040409: host/network `eth2' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' -z '' ']'
+ stop_firewall

If you are busy trying to figure this out, then thanks a lot for your time.

-David Olivier

DISCLAIMER: The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful. Plus 94 Harris is neither liable for the proper, complete transmission of the information contained in this communication nor any delay in its receipt.
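The trace above shows where the command line comes from: match_dest_hosts is handed the second half of "br0:eth2", its "-n ''" test is false, and it falls through to "echo -d eth2", so iptables is asked to treat "eth2" as a destination host or network, which it is not. The script below is an added example written for this page; it is not David's script and not Shorewall's own code. It classifies the HOST(S) token the way iptables will see it, emits the rule Shorewall built for a host or network, and for a bridge port emits the physdev-based form instead. It assumes that the kernel and iptables on the box carry the physdev match (a bridge-netfilter feature that is not confirmed by the post), it reuses the chain and target names from the trace (eth0_fwd, net2all), and it only echoes commands unless DRY_RUN=0 is set. Whether the Shorewall release in use has bridging support switched on in shorewall.conf is likewise an assumption to check, since the post does not name the release.

```shell
#!/bin/sh
# Added example, not from the original post or from Shorewall.
# DRY_RUN=1 (default) prints the iptables command lines instead of running them.
DRY_RUN="${DRY_RUN:-1}"

# Run iptables, or echo the command line when dry-running.
run_iptables() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Classify the HOST(S) column of a hosts entry the way iptables -s/-d will.
# Only a dotted address or an address/prefix is accepted there; a bare
# interface name such as "eth2" produces "host/network `eth2' not found".
host_kind() {
    case "$1" in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) echo network ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*)        echo host ;;
        eth*|tap*|tun*|br*|ppp*)            echo interface ;;
        *)                                  echo unknown ;;
    esac
}

# True if the userspace physdev match extension can be loaded. This does not
# prove the running kernel has bridge-netfilter; that only shows up when the
# rule is actually inserted (assumption: iptables is on PATH).
physdev_supported() {
    iptables -m physdev --help >/dev/null 2>&1
}

# Emit one forward rule for an "interface:hosts" pair.
#   interface:network -> "-o iface -d network"  (the rule Shorewall built)
#   bridge:port       -> "-o bridge -m physdev --physdev-out port"
bridge_port_rule() {
    bpr_chain=$1; bpr_iface=$2; bpr_hosts=$3; bpr_target=$4
    case "$(host_kind "$bpr_hosts")" in
        host|network)
            run_iptables -A "$bpr_chain" -o "$bpr_iface" -d "$bpr_hosts" -j "$bpr_target"
            ;;
        interface)
            if [ "$DRY_RUN" != "1" ] && ! physdev_supported; then
                echo "bridge_port_rule: physdev match not available for $bpr_hosts" >&2
                return 1
            fi
            run_iptables -A "$bpr_chain" -o "$bpr_iface" -m physdev --physdev-out "$bpr_hosts" -j "$bpr_target"
            ;;
        *)
            echo "bridge_port_rule: cannot classify '$bpr_hosts'" >&2
            return 1
            ;;
    esac
}

# What the posted hosts entry "vpn br0:eth2" needs versus what a plain
# network entry produces (both echoed, since DRY_RUN defaults to 1).
bridge_port_rule eth0_fwd br0 eth2 net2all
bridge_port_rule eth0_fwd br0 10.0.1.0/24 net2all
```

Running it as-is prints the two rule forms; with DRY_RUN=0 it inserts them, after first checking that iptables can load the physdev extension. The classification step is the check worth keeping: anything that is not a dotted address or address/prefix in the HOST(S) column is only valid when Shorewall turns it into a physdev match, so rejecting it early is cheaper than letting the firewall fall back to stopped mid-start.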