Hi Victor.
I'm so sorry about writing like this; the problem is that, to see the server, I have to travel around 50 km... and I can only go on the weekends. (so remote server)
OK, the PPTP server is working well and on the default ports. I can connect to the server with the last command that you gave me.
But when I try to ping or reach the server at http://myserver/server-manager
the screen of the server shows me this:
vrmr: DROP in policy IN=eht0 OUT= MAC=ff:ff:ff:ff:00:02:a5:9c:97:11:XX:XX
SRC: 192.168.181.243 DST=192.168.181.255 LEN=79 TOS=0x00 PREC=0x00 TTL=120 ID 141
66 PROTO=UDP SPT=137 DPT=137 LEN=50
Do you have any idea?
Thanks.
This appears to be smb browsing. This needs to be able to talk to the broadcast address, as you can see here: 192.168.181.255. Support for broadcasts is a bit hackish in Vuurmuur (I plan to replace this). What you need is a rule like this:
accept service samba from local.lan to firewall
(where local.lan is the network 192.168.181.x)
This will make sure the broadcast address is also allowed because in the samba service the 'broadcast' flag is enabled.
As for the ping, that must have a different reason, so please paste a log of that as well.
Cheers,
Victor
Sep 15 02:00:19 info kernel: eth1: Transmit error, Tx status register 82.
Sep 15 02:00:19 info kernel: Probably a duplex mismatch. See Documentation/networking/vortex.txt
Sep 15 02:00:19 info kernel: Flags; bus-master 1, dirty 3238025(9) current 3238025(9)
Sep 15 02:00:19 info kernel: Transmit list 00000000 vs. dd9d27a0.
Sep 15 02:00:19 info kernel: vrmr: DROP fw policy IN=eth0 OUT=eth1 SRC=192.168.181.217 DST=24.61.173.87 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=33938 DF PROTO=TCP SPT=1999 DPT=16042 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 15 02:00:19 info kernel: vrmr: DROP fw policy IN=eth0 OUT=eth1 SRC=192.168.181.217 DST=72.222.219.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=33939 DF PROTO=TCP SPT=2000 DPT=46444 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 15 02:00:19 info kernel: vrmr: DROP fw policy IN=eth0 OUT=eth1 SRC=192.168.181.217 DST=24.209.179.48 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=33940 DF PROTO=TCP SPT=2001 DPT=17380 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 15 02:00:20 info kernel: vrmr: DROP in policy IN=eth1 OUT= MAC=00:10:5a:14:a1:91:00:30:b8:c8:bf:b0:08:00 SRC=203.214.101.112 DST=200.118.125.x LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=5814 DF PROTO=TCP SPT=49208 DPT=55776 WINDOW=8192 RES=0x00 SYN URGP=0
Sep 15 02:00:21 info kernel: vrmr: DROP in policy IN=eth1 OUT= MAC=00:10:5a:14:a1:91:00:30:b8:c8:bf:b0:08:00 SRC=208.75.184.6 DST=200.118.125.x LEN=64 TOS=0x00 PREC=0x00 TTL=41 ID=15305 PROTO=TCP SPT=52745 DPT=55776 WINDOW=65535 RES=0x00 SYN URGP=0
This is a part of the log. I tried to change certain IPs.
I'm not sure what you expect from me here. I see a number of dropped connection attempts to TCP port 1999, 2000, 2001 and 55776. What are these connections? Did you try adding services for them?
Cheers,
Victor
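Added example, not part of the original posts and not Vuurmuur's own code: a small Python triage of vrmr DROP lines in the format shown in this thread, separating LAN broadcasts (the samba case above), traffic forwarded through the firewall, and unsolicited inbound traffic. The sample lines are constructed, and the category names and helper functions are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

LOCAL_LAN = ipaddress.ip_network("192.168.181.0/24")  # local.lan from the thread
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")            # KEY=value pairs in a LOG line

# Constructed sample lines in the layout of the vrmr entries in this thread;
# external addresses are documentation ranges and one DST is redacted on purpose.
SAMPLE_LOG = """\
Sep 15 02:00:19 info kernel: eth1: Transmit error, Tx status register 82.
Sep 15 02:00:19 info kernel: vrmr: DROP in policy IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 SRC=192.168.181.243 DST=192.168.181.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=14166 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 15 02:00:19 info kernel: vrmr: DROP fw policy IN=eth0 OUT=eth1 SRC=192.168.181.217 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=33938 DF PROTO=TCP SPT=1999 DPT=16042 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 15 02:00:19 info kernel: vrmr: DROP fw policy IN=eth0 OUT=eth1 SRC=192.168.181.217 DST=203.0.113.9 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=33939 DF PROTO=TCP SPT=2000 DPT=46444 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 15 02:00:20 info kernel: vrmr: DROP in policy IN=eth1 OUT= MAC=00:00:5e:00:53:02:00:00:5e:00:53:03:08:00 SRC=203.0.113.50 DST=192.0.2.x LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=5814 DF PROTO=TCP SPT=49208 DPT=55776 WINDOW=8192 RES=0x00 SYN URGP=0
Sep 15 02:00:21 info kernel: vrmr: DROP in policy IN=eth1 OUT= MAC=00:00:5e:00:53:02:00:00:5e:00:53:03:08:00 SRC=198.51.100.20 DST=192.0.2.x LEN=64 TOS=0x00 PREC=0x00 TTL=41 ID=15305 PROTO=TCP SPT=52745 DPT=55776 WINDOW=65535 RES=0x00 SYN URGP=0
"""

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:          # redacted or malformed address, e.g. 192.0.2.x
        return None

def classify(line):
    """Return (category, proto, dport) for a vrmr DROP line, else None."""
    if "vrmr: DROP" not in line:
        return None
    f = dict(FIELD_RE.findall(line.split("vrmr: DROP", 1)[1]))
    src, dst = _ip(f.get("SRC", "")), _ip(f.get("DST", ""))
    if dst in (LOCAL_LAN.broadcast_address, ipaddress.ip_address("255.255.255.255")):
        category = "lan-broadcast"      # needs a service with the broadcast flag
    elif f.get("IN") and f.get("OUT"):
        category = "forwarded"          # both interfaces set: routed through the box
    elif src is None or src not in LOCAL_LAN:
        category = "inbound-external"   # unsolicited traffic to the firewall itself
    else:
        category = "inbound-lan"
    return category, f.get("PROTO", "?"), int(f.get("DPT", 0))

def summarize(log_text):
    hits = (classify(line) for line in log_text.splitlines())
    return Counter(h for h in hits if h)

if __name__ == "__main__":
    for (cat, proto, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {cat:17s} {proto}/{dport}")
```
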
In the end I made it work; the problem was to understand the SNAT rules for the new interface.
Now I have a system to test with, so I'll try to make an rpm for the SME; I hope that the SME-server developers will like it.
Thanks a lot for your time, such a great tool.