From: Werner vd M. <we...@sa...> - 2006-05-04 15:13:13
Hi Tom,

I have done the changes as laid out in your mail and with reference to the webpages you pointed me to, as far as I could discern what is applicable to my setup. I still have the same problem though. Please, if you could point me in another direction I would appreciate it - I am fairly sure it is a small issue that I am overlooking. I have included the dump file, but /var/log/messages contains no info as to what is going on.

My config now:

Zones:
  lan   lan
  ext   internet

Interfaces:
  lan   br0    detect   routeback
  ext   ppp0   detect

Policy:
  $FW   all   ACCEPT   debug
  lan   all   ACCEPT   debug
  ext   all   DROP     debug

Rules:
  ACCEPT         all   $FW   tcp   22
  ACCEPT:debug   all   $FW   udp   1195
  ACCEPT         all   $FW   udp   1196

Masq:
  ppp0   br0

Tunnels:
  openvpnserver:1196   ext   0.0.0.0/0

Any further assistance will be greatly appreciated.

Kind regards
Werner

-----Original Message-----
From: sho...@li... [mailto:sho...@li...] On Behalf Of Tom Eastep
Sent: 04 May 2006 03:58 PM
To: sho...@li...
Subject: Re: [Shorewall-users] Shorewall/OpenVPN issue

Werner vd Merwe wrote:
>
> If two clients connect via OpenVPN (bridged), they can access each other
> without any problems, but neither of them can access the server, nor any
> system behind it.
>
> I am fairly sure it is a Shorewall issue, but I am very new to Shorewall,
> having moved over from Turtlefirewall about a week ago.

May I suggest in the future, when you suspect that Shorewall is blocking
communication *look at your log* (see
http://www.shorewall.net/shorewall_logging.html).

>
> Here my configs:
>
> IP Forwarding is enabled.
>
> Zones:
> lan lan
> ext internet
> vpn tun
>
> Interfaces:
> lan br0 detect
> ext ppp0 detect norfc1918,routefilter
> vpn tun0 detect
> vpn tap0 detect
>

Please review the article at http://www.shorewall.net/OPENVPN.html#Bridge.
It gives instructions for configuring an OpenVPN bridge in Shorewall. In
particular:

- Bridge ports (such as tap0) are never listed in the interfaces file.
- The bridge (br0) needs the 'routeback' option specified.

The instructions in the above article will simply make bridged clients part
of your 'lan' zone. If you want to make them a separate zone, then you need
to create a bridge/firewall as described at
http://www.shorewall.net/bridge.html.

If you have the need to make another problem report, please include the
information requested at http://www.shorewall.net/support.htm.

Thanks,
-Tom
--
Tom Eastep              \ Nothing is foolproof to a sufficiently talented fool
Shoreline,              \ http://shorewall.net
Washington USA          \ te...@sh...
PGP Public Key          \ https://lists.shorewall.net/teastep.pgp.key

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.392 / Virus Database: 268.5.3/331 - Release Date: 2006/05/03
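Tom's first piece of advice in the thread is to read the Shorewall log before guessing at rules, and Werner's policies all carry the "debug" log level, so every policy decision should land in the kernel log. The following is an added example, not code from the thread or from the Shorewall project: a small Python parser that turns Shorewall-style kernel log lines into a per-chain, per-interface, per-port count of dropped or rejected packets, which is the quickest way to see whether the firewall is the component doing the blocking. It assumes Shorewall's default LOGFORMAT of "Shorewall:<chain>:<disposition>:" followed by netfilter's key=value fields (IN=, OUT=, SRC=, DST=, PROTO=, DPT=); the function names parse_line and summarize_drops and the sample log lines are my own and are constructed, not taken from the thread.

```python
import re
from collections import Counter

# Assumption: Shorewall's default LOGFORMAT is "Shorewall:%s:%s:" (chain,
# disposition) followed by netfilter's key=value fields. Lines that do not
# carry that prefix (other kernel messages) are ignored.
LOG_RE = re.compile(
    r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<fields>.*)$"
)
# Netfilter fields such as IN=ppp0, OUT= (empty), PROTO=UDP, DPT=1196.
FIELD_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<value>\S*)")


def parse_line(line):
    """Return a dict for one Shorewall kernel log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    entry = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    for f in FIELD_RE.finditer(m.group("fields")):
        entry[f.group("key")] = f.group("value")
    return entry


def summarize_drops(lines):
    """Count DROP/REJECT entries keyed by (chain, in-interface, protocol, dest port).

    The chain name (e.g. ext2fw) tells you which zone pair the packet fell
    into, which is usually enough to see which policy or rule is missing.
    """
    counts = Counter()
    for line in lines:
        e = parse_line(line)
        if e is None or e["disposition"] not in ("DROP", "REJECT"):
            continue
        key = (e["chain"], e.get("IN", ""), e.get("PROTO", ""), e.get("DPT", ""))
        counts[key] += 1
    return counts


# Constructed sample lines (not real logs from the thread): two external
# connection attempts to telnet dropped on ppp0, one accepted SSH session
# from the bridge, one external UDP packet dropped, and an unrelated line.
SAMPLE_LOG = [
    "May  4 15:10:01 gw kernel: Shorewall:ext2fw:DROP:IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=4444 DPT=23",
    "May  4 15:10:02 gw kernel: Shorewall:ext2fw:DROP:IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=4445 DPT=23",
    "May  4 15:10:05 gw kernel: Shorewall:lan2fw:ACCEPT:IN=br0 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=52 PROTO=TCP SPT=51000 DPT=22",
    "May  4 15:10:09 gw kernel: Shorewall:ext2fw:DROP:IN=ppp0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=40 PROTO=UDP SPT=1196 DPT=1195",
    "May  4 15:10:10 gw kernel: unrelated message that should be ignored",
]

if __name__ == "__main__":
    # Typical use on a real box: summarize_drops(open("/var/log/messages"))
    for (chain, iface, proto, dport), n in sorted(summarize_drops(SAMPLE_LOG).items()):
        print(f"{n:4d}  {chain:10s} in={iface:5s} {proto:4s} dpt={dport}")
```

If the log stays empty while traffic is demonstrably being blocked, as Werner reports, the useful conclusion is the opposite one: the packets are not reaching a logging rule at all, so the problem is more likely upstream of Shorewall (bridge membership, routing, or the tunnel itself) than in the zone policies.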