From: Tom E. <te...@sh...> - 2002-08-27 01:13:14
On Mon, 26 Aug 2002, Tom Eastep wrote:

> On Monday 26 August 2002 01:32 pm, Kevyn Snary wrote:
> > I have everything working fine but I have to have:
> >
> > all all ACCEPT
> >
> > in the policies file or else the VPN won't work, the rules file is defined
> > with what ports I want opened to the Internet and port forwarding.
> >
>
> VPN is a generic term that covers at least half a dozen protocols -- you're
> going to have to be more specific. Also, if you don't have the all->all
> ACCEPT policy, what does "shorewall show log" tell you? Adding an all->all
> ACCEPT policy takes away the best diagnostic tool you have -- the log....
>

Let me see if I can be clearer. The default all->all policy is REJECT with
logging at the INFO level. This allows you to see every connection request
that is rejected under that policy. You are reporting that your VPN doesn't
work with that policy so you have substituted all->all ACCEPT. If you have
retained the net->all DROP policy from the default setup, you're probably OK
but by removing the logging under the original all->all policy, you now
don't know what your new policy is letting through that is crucial to your
VPN's operation.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ te...@sh...
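
Added example, not part of the original message or of Shorewall: a small Python script that tallies what the logged all->all REJECT policy is refusing, so specific rules can replace a blanket all->all ACCEPT. The log lines are constructed, and the "Shorewall:<chain>:<disposition>:" prefix, the interface names and the PPTP-like traffic are assumptions for illustration; the poster's VPN type is not stated.

```python
import re
from collections import Counter

# Constructed sample log lines (documentation addresses). The
# "Shorewall:<chain>:<disposition>:" prefix is an assumption about the
# log format; the PPTP-like traffic is illustrative only.
SAMPLE_LOG = """\
Aug 26 13:40:01 gw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=192.0.2.5 LEN=60 TTL=63 DF PROTO=TCP SPT=1045 DPT=1723 SYN
Aug 26 13:40:04 gw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=192.0.2.5 LEN=60 TTL=63 DF PROTO=TCP SPT=1045 DPT=1723 SYN
Aug 26 13:40:09 gw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=192.0.2.5 LEN=61 TTL=63 PROTO=47
Aug 26 13:41:12 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=48 TTL=112 PROTO=TCP SPT=3312 DPT=139 SYN
Aug 26 13:41:30 gw sshd[812]: Connection closed by 192.168.1.10
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; bare flags (DF, SYN) are skipped


def parse(line):
    """Return the fields of one firewall log line, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    f = dict(FIELD.findall(m["rest"]))
    return {
        "chain": m["chain"], "disp": m["disp"],
        "in": f.get("IN", ""), "out": f.get("OUT", ""),
        "proto": f.get("PROTO", "?"),
        "dport": f.get("DPT", "-"),  # portless protocols such as GRE (47) have no DPT
    }


def summarize(text, chain="all2all"):
    """Count hits logged under one policy chain by (in, out, proto, dport)."""
    tally = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["chain"] == chain:
            tally[(rec["in"], rec["out"], rec["proto"], rec["dport"])] += 1
    return tally.most_common()


if __name__ == "__main__":
    for (iface_in, iface_out, proto, dport), n in summarize(SAMPLE_LOG):
        print(f"{n:3d}  {iface_in or '-'} -> {iface_out or '-'}  proto={proto} dport={dport}")
```

Each distinct row in the output is one candidate for an explicit rule; anything that never appears under the logged policy does not need to be opened.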