From: Nico P. <ni...@gm...> - 2012-09-07 12:46:02
I think I am doing something wrong. I will try to explain my conf again (sorry about my English)

My box has shorewall installed with 2 ADSL and pptpd

ppp0 - ADSL connection (I use this only for VoIP). This is in eth1
ppp1 - ADSL connection. Internet Traffic. This is in eth2
eth0 - LAN - 192.168.10.0/24

IFCONFIG
----------------
eth0      Link encap:Ethernet  HWaddr 00:14:85:AB:93:84
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 90:F6:52:03:A0:B6
          inet6 addr: fe80::92f6:52ff:fe03:a0b6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:01:02:E8:6D:6F
          inet6 addr: fe80::201:2ff:fee8:6d6f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0      Link encap:Point-to-Point Protocol
          inet addr:186.48.234.250  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp1      Link encap:Point-to-Point Protocol
          inet addr:186.48.226.199  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp2      Link encap:Point-to-Point Protocol
          inet addr:192.168.10.80  P-t-P:192.168.10.90  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1

PPTPD CONF
--------------------
localip 192.168.10.80-89
remoteip 192.168.10.90-99

SHOREWALL CONF
---------------------------------

interfaces
=======
FORMAT 2
###############################################################################
#ZONE   INTERFACE   OPTIONS
loc     eth0
net     ppp0
net     ppp1
vpn     ppp2        routeback

zones
=====
#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4

masq
====
#INTERFACE:DEST   SOURCE            ADDRESS   PROTO   PORT(S)   IPSEC   MARK   USER/   SWITCH
#                                                                              GROUP
eth0              192.168.10.0/24
ppp1              192.168.10.0/24
ppp0              192.168.10.0/24
ppp2              192.168.10.0/24

rules
====
#VPN
ACCEPT   net   $FW   tcp    1723
ACCEPT   vpn   $FW   tcp    22
ACCEPT   vpn   net   tcp    http,https,53
ACCEPT   vpn   net   udp    53
ACCEPT   vpn   net   icmp   echo-request
ACCEPT   vpn   loc   all

tunnels
=====
#TYPE        ZONE   GATEWAY(S)   GATEWAY
#                                ZONE(S)
pptpserver   net    0.0.0.0/0

I can access every server in my LAN, but no outside traffic

For example I have this when I am doing PING, but LOSS 100%

Sep 7 10:31:06 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=48597 PROTO=ICMP TYPE=8 CODE=0 ID=152 SEQ=457
Sep 7 10:31:07 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=1 ID=1268 PROTO=ICMP TYPE=8 CODE=0 ID=172 SEQ=2272

Thanks

On Thu, Sep 6, 2012 at 6:45 PM, Gábor Majoros <mer...@gm...> wrote:

> Try the masq line I sent.
>
> Sorry for me that was the trick. Just did not realize...
>
> On 6 September 2012 22:40, Nico Pagliaro <ni...@gm...> wrote:
>
>> I try it with no luck
>>
>> On Thursday, 6 September 2012, Tom Eastep wrote:
>>
>> On 9/6/12 12:12 PM, Nico Pagliaro wrote:
>>> > the same
>>> > i have this in the log
>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=9 ID=28511 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2194
>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=10 ID=629 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2195
>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=11 ID=30775 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2196
>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=12 ID=13589 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2197
>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=13 ID=23363 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2198
>>> > Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=14 ID=29285 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2199
>>> > Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=15 ID=40304 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2200
>>> > Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=16 ID=25355 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2201
>>> > Sep 6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=17 ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202
>>>
>>> You need the 'routeback' option on the ppp+ entry in
>>> /etc/shorewall/interfaces.
>>>
>>> -Tom
>>> --
>>> Tom Eastep        \ When I die, I want to go like my Grandfather who
>>> Shoreline,         \ died peacefully in his sleep. Not screaming like
>>> Washington, USA     \ all of the passengers in his car
>>> http://shorewall.net \________________________________________________
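An added example, not part of the original thread: a small Python parser for the Shorewall kernel log lines quoted in this message, tallying packets by chain, disposition and interface pair and listing accepted packets that leave on a link other than the expected one. The function names are this example's own, and treating ppp1 as the expected Internet link is an assumption taken from the poster's description of the two ADSL connections.

```python
import re
from collections import Counter

# Four of the log lines quoted in the thread: two from the earlier quoted
# message (sfilter DROP) and two from this one (vpn2net ACCEPT).
SAMPLE_LOG = """\
Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
Sep 6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00 TTL=9 ID=28511 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2194
Sep 7 10:31:06 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=48597 PROTO=ICMP TYPE=8 CODE=0 ID=152 SEQ=457
Sep 7 10:31:07 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0 SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=1 ID=1268 PROTO=ICMP TYPE=8 CODE=0 ID=172 SEQ=2272
"""

# Shorewall's log prefix has the form "Shorewall:<chain>:<disposition>:".
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)$")


def parse_line(line):
    """Return chain, disposition and KEY=VALUE fields of one log line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "disposition": m["disposition"]}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        # ID= occurs twice (IP header ID, then ICMP ID); keep the first.
        if sep and key not in rec:
            rec[key] = value
    return rec


def parse_log(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def summarize(records):
    """Count packets per (chain, disposition, IN, OUT)."""
    return Counter((r["chain"], r["disposition"], r.get("IN", ""), r.get("OUT", ""))
                   for r in records)


def accepted_on_other_link(records, expected_out):
    """ACCEPTed forwarded packets leaving on an interface other than expected_out."""
    return [r for r in records
            if r["disposition"] == "ACCEPT" and r.get("OUT") and r["OUT"] != expected_out]


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for key, count in summarize(records).items():
        print(count, *key)
    # Assumption: ppp1 is the intended Internet link, per the poster's description.
    for r in accepted_on_other_link(records, "ppp1"):
        print("accepted via", r["OUT"], "->", r["DST"])
```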