Re: [Shorewall-users] Shorewall +PPTP server on the same machine

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I think I am doing something wrong.
I will try to explain my conf again (sorry about my english)

My box has shorewall installed with 2 ADSL and pptpd

ppp0 - ADSL connection (I use this only for VoIP). this is in eth1
ppp1 - ADSL connection. Internet Traffic. This is in eth2
eth0 - LAN - 192.168.10.0/24

IFCONFIG
----------------
eth0      Link encap:Ethernet  HWaddr 00:14:85:AB:93:84
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 90:F6:52:03:A0:B6
          inet6 addr: fe80::92f6:52ff:fe03:a0b6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:01:02:E8:6D:6F
          inet6 addr: fe80::201:2ff:fee8:6d6f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0      Link encap:Point-to-Point Protocol
          inet addr:186.48.234.250  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp1      Link encap:Point-to-Point Protocol
          inet addr:186.48.226.199  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp2      Link encap:Point-to-Point Protocol
          inet addr:192.168.10.80  P-t-P:192.168.10.90  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1

PPTPD CONF
--------------------
localip 192.168.10.80-89
remoteip 192.168.10.90-99

SHOREWALL CONF
---------------------------------

interfaces
=======
FORMAT 2
###############################################################################
#ZONE           INTERFACE               OPTIONS
loc             eth0
net             ppp0
net             ppp1
vpn             ppp2                     routeback

zones
=====
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4

masq
====
#INTERFACE:DEST         SOURCE          ADDRESS         PROTO   PORT(S)
IPSEC   MARK    USER/   SWITCH
#
            GROUP

eth0                    192.168.10.0/24
ppp1                    192.168.10.0/24
ppp0                    192.168.10.0/24
ppp2                    192.168.10.0/24

rules
====
#VPN
ACCEPT          net             $FW     tcp     1723
ACCEPT          vpn             $FW     tcp     22
ACCEPT          vpn             net       tcp     http,https,53
ACCEPT          vpn             net       udp     53
ACCEPT          vpn             net       icmp    echo-request
ACCEPT          vpn             loc        all

tunnels
=====

#TYPE                   ZONE    GATEWAY(S)                      GATEWAY
#                                                               ZONE(S)
pptpserver      net              0.0.0.0/0

I can access every server in my LAN, but no outside traffic

For example I have this when I am doing PING, but LOSS 100%
Sep  7 10:31:06 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0
SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=63
ID=48597 PROTO=ICMP TYPE=8 CODE=0 ID=152 SEQ=457
Sep  7 10:31:07 localhost kernel: Shorewall:vpn2net:ACCEPT:IN=ppp2 OUT=ppp0
SRC=192.168.10.90 DST=73.30.38.140 LEN=84 TOS=0x00 PREC=0x00 TTL=1 ID=1268
PROTO=ICMP TYPE=8 CODE=0 ID=172 SEQ=2272

Thanks

On Thu, Sep 6, 2012 at 6:45 PM, Gábor Majoros <mer...@gm...> wrote:

> Try the masq line I sent.
>
> Sorry for me that was the trick. Just did not realized...
>
> On 6 September 2012 22:40, Nico Pagliaro <ni...@gm...> wrote:
>
>> I try it with no luck
>>
>> El jueves, 6 de septiembre de 2012, Tom Eastep escribió:
>>
>> On 9/6/12 12:12 PM, Nico Pagliaro wrote:
>>> > the same
>>> > i have this in the log
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=8 ID=64596 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2193
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=9 ID=28511 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2194
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=10 ID=629 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2195
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=11 ID=30775 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2196
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=12 ID=13589 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2197
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=13 ID=23363 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2198
>>> > Sep  6 16:56:43 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=14 ID=29285 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2199
>>> > Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=15 ID=40304 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2200
>>> > Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=16 ID=25355 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2201
>>> > Sep  6 16:56:44 localhost kernel: Shorewall:sfilter:DROP:IN=ppp2
>>> > OUT=ppp0 SRC=192.168.10.90 DST=200.40.139.50 LEN=84 TOS=0x00 PREC=0x00
>>> > TTL=17 ID=7209 PROTO=ICMP TYPE=8 CODE=0 ID=184 SEQ=2202
>>>
>>> You need the 'routeback' option on the ppp+ entry in
>>> /etc/shorewall/interfaces.
>>>
>>> -Tom
>>> --
>>> Tom Eastep        \ When I die, I want to go like my Grandfather who
>>> Shoreline,         \ died peacefully in his sleep. Not screaming like
>>> Washington, USA     \ all of the passengers in his car
>>> http://shorewall.net \________________________________________________
>>>
>>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Shorewall-users mailing list
>> Sho...@li...
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Shorewall-users mailing list
> Sho...@li...
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>