From: Tom E. <te...@sh...> - 2006-11-30 15:46:18
Ed wrote:
> Hi all,
> I have a VPN setup but it only works once in a while. It seems my firewall
> (shorewall 3.0.8) is blocking protocol 47.
>
> Here is what I have:
>
> eth0: internet
> eth2: dmz - my pptp server
>
> My entry in the rules file:
> pptp/ACCEPT fw dmz:192.168.253.2
>
> My pptp macro
> ###############################################################################
> #ACTION SOURCE DEST PROTO DEST    SOURCE   ORIGINAL RATE   USER/
> #                         PORT    PORT(S)  DEST     LIMIT  GROUP
> PARAM   -      -    tcp   1723
> PARAM   -      -    47    -
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> What my log reports:
> warn.log:Nov 30 09:44:32 fw01 Shorewall:dmz2all:REJECT:IN=eth2 OUT=eth0
> SRC=192.168.2.12 DST=81.233.229.117 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=49617
> DF PROTO=47
>
> Am I being thick and missing something obvious or could this be a bug of some
> sort?

The server is the first to speak GRE which your macro isn't allowing. You
need to add this line to your macro:

PARAM   DEST   SOURCE   47

That requires that you be running Shorewall 3.2.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
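Added here as an illustration, not code from the thread or from Shorewall: a small Python parser that pulls rejected GRE (protocol 47) packets out of Shorewall log lines like the one Ed posted, so a missing reverse-direction rule shows up as a dmz2all REJECT with PROTO=47 before anyone has to eyeball warn.log. The sample log lines are constructed, modelled on the format in the thread.

```python
import re

# Constructed sample log lines in the Shorewall/iptables format shown in the
# thread (not real traffic). Only the first one is a rejected GRE packet.
SAMPLE_LOG = """\
Nov 30 09:44:32 fw01 Shorewall:dmz2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.2.12 DST=81.233.229.117 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=49617 DF PROTO=47
Nov 30 09:44:35 fw01 Shorewall:net2dmz:ACCEPT:IN=eth0 OUT=eth2 SRC=81.233.229.117 DST=192.168.253.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=1024 DPT=1723
Nov 30 09:44:40 fw01 Shorewall:dmz2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.253.2 DST=81.233.229.117 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=7 DF PROTO=TCP SPT=22 DPT=44444
"""

# Shorewall prefixes the kernel log entry with "<chain>:<disposition>:".
LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)$")


def parse_line(line):
    """Parse one Shorewall log line into a dict; return None for unrelated lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        # Bare flags such as DF carry no value; record them as True.
        fields[key] = value if sep else True
    return fields


def blocked_gre(log_text):
    """Return (chain, IN, OUT, SRC, DST) for every rejected or dropped GRE packet.

    iptables logs GRE numerically as PROTO=47; "GRE" is accepted as well in case
    a log filter has already translated it.
    """
    hits = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["disposition"] not in ("REJECT", "DROP"):
            continue
        if f.get("PROTO") in ("47", "GRE"):
            hits.append((f["chain"], f["IN"], f["OUT"], f["SRC"], f["DST"]))
    return hits


if __name__ == "__main__":
    for chain, in_if, out_if, src, dst in blocked_gre(SAMPLE_LOG):
        print(f"GRE blocked in chain {chain}: {in_if}->{out_if} {src} -> {dst}")
```

The chain name tells you which direction is missing a rule: a dmz2all rejection with the PPTP server as SRC means the server-initiated GRE leg is the one the macro does not cover.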