#1
14th January 2007, 16:04
dschmid (Member)
Shorewall problem Ubuntu-Server 6.10 As A Firewall/Gateway

Hello, I set up an Ubuntu-Server for my local network. The only problem I have is connecting from outside via pptp. Everything is configured the same way as in your Howto. But I'm using a 192.168.2.0 network and the IP address of my server is 192.168.2.1, because I have an existing 192.168.1.0 network. From that network the server gets its IP address, netmask and gateway via DHCP. Connecting from 192.168.2.0 is no problem. Connecting from 192.168.1.0 is also OK when the firewall is shut down. But when the firewall is up, "tail -f /var/log/syslog" shows messages like this:
Code:
Jan 14 14:39:14 tuxserv kernel: [17179738.128000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:xx:31:xx:xx:5f:00:16:b6:ed:e1:ed:08:00 SRC=192.168.1.1 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3504 DF PROTO=TCP SPT=1340 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0

That is my /etc/shorewall/rules:

Code:
#ACTION         SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/
#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
#                                                               PORT    PORT(S) DEST                    LIMIT   GROUP
#
#       Accept DNS connections from the firewall to the network
#
ACCEPT  net     $FW     tcp     25
ACCEPT  net     $FW     tcp     443
ACCEPT  net     $FW     tcp     993
ACCEPT  net     $FW     udp     6277
DNAT    net     loc:192.168.2.1 tcp     1723
DNAT    net     loc:192.168.2.1 47
DNS/ACCEPT      $FW             net
#
#       Accept SSH connections from the local network for administration
#
SSH/ACCEPT      loc             $FW
#
#       Allow Ping from the local network
#
Ping/ACCEPT     loc             $FW
#
# Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
#

That is my /etc/shorewall/interfaces:

Code:
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc     eth1            detect          tcpflags,detectnets,nosmurfs
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
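One way to read the log line from post #1 against the posted rules file, as an added example that is not part of the original thread: it parses the `Shorewall:<chain>:<disposition>:` prefix and the netfilter fields, then lists the rule rows whose zone pair, protocol and destination port cover the logged packet. The function names are hypothetical, macro rows such as `DNS/ACCEPT` are not expanded, and splitting the chain name at `2` assumes zone names contain no digit 2.

```python
import re

# Log line and rule rows copied from post #1 (MAC and a few unused fields trimmed).
LOG = ("Jan 14 14:39:14 tuxserv kernel: [17179738.128000] Shorewall:net2fw:DROP:"
       "IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.2.1 LEN=48 TTL=126 DF PROTO=TCP "
       "SPT=1340 DPT=1723 WINDOW=64240 SYN URGP=0")
RULES = """\
ACCEPT  net     $FW     tcp     25
ACCEPT  net     $FW     tcp     443
ACCEPT  net     $FW     tcp     993
ACCEPT  net     $FW     udp     6277
DNAT    net     loc:192.168.2.1 tcp     1723
DNAT    net     loc:192.168.2.1 47
DNS/ACCEPT      $FW             net
SSH/ACCEPT      loc             $FW
Ping/ACCEPT     loc             $FW
"""

def parse_log(line):
    """Return chain, disposition, zone pair and KEY=value fields of a Shorewall log line."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if not m:
        return None
    chain, disposition, rest = m.groups()
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    src, _, dst = chain.partition("2")  # assumption: net2fw means net -> fw
    return dict(fields, chain=chain, disposition=disposition, src_zone=src, dst_zone=dst)

def parse_rules(text):
    """Return (action, source, dest, proto, port) per rule row; '-' fills missing columns."""
    rows = (r.split("#", 1)[0].split() for r in text.splitlines())
    return [tuple((c + ["-", "-"])[:5]) for c in rows if len(c) >= 3]

def matching_rules(event, rules):
    """Rows whose zone pair, protocol and destination port cover the logged packet."""
    zone = lambda z: "fw" if z == "$FW" else z.split(":", 1)[0]
    pair, hits = (event["src_zone"], event["dst_zone"]), []
    for rule in rules:
        action, src, dst, proto, port = rule
        if "/" in action or (zone(src), zone(dst)) != pair:  # macros not expanded
            continue
        if proto.lower() in ("-", "all", event["PROTO"].lower()) and \
                (port == "-" or event["DPT"] in port.split(",")):
            hits.append(rule)
    return hits

if __name__ == "__main__":
    ev = parse_log(LOG)
    print(ev["chain"], ev["disposition"], matching_rules(ev, parse_rules(RULES)) or "no covering row")
```

For the posted line it finds no row covering `net` to the firewall on tcp/1723: the `net` to `$FW` rows are tcp 25, 443, 993 and udp 6277, and the two DNAT rows are `net` to `loc`.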
#2
15th January 2007, 19:37
falko (Super Moderator)

So you cannot connect from your 192.168.1.0 network to your 192.168.2.0 network?
What's the output of
Code:
ifconfig
on your server?
__________________
Falko
All times are GMT +2.