Old 14th January 2007, 16:04
dschmid
Shorewall problem Ubuntu-Server 6.10 As A Firewall/Gateway

Hello, I set up an Ubuntu-Server for my local network. The only problem I have is connecting from outside via pptp. Everything is configured the same way as in your Howto. But I'm using a network and the IP address of my server is, because I have an existing network. From that network the server gets IP address, netmask and gateway via DHCP. Connecting from is no problem. Connecting from is also OK when the firewall is shut down. But when the firewall is up, "tail -f /var/log/syslog" brings messages like this:
Jan 14 14:39:14 tuxserv kernel: [17179738.128000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:xx:31:xx:xx:5f:00:16:b6:ed:e1:ed:08:00 SRC= DST= LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3504 DF PROTO=TCP SPT=1340 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
That is my /etc/shorewall/rules:

#ACTION         SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/
#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
#                                                               PORT    PORT(S) DEST                    LIMIT   GROUP
#       Accept DNS connections from the firewall to the network
ACCEPT  net     $FW     tcp     25
ACCEPT  net     $FW     tcp     443
ACCEPT  net     $FW     tcp     993
ACCEPT  net     $FW     udp     6277
DNAT    net     loc: tcp     1723
DNAT    net     loc: 47
DNS/ACCEPT      $FW             net
#       Accept SSH connections from the local network for administration
SSH/ACCEPT      loc             $FW
#       Allow Ping from the local network
Ping/ACCEPT     loc             $FW
# Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
That is my /etc/shorewall/interfaces:

net     eth0            detect          dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc     eth1            detect          tcpflags,detectnets,nosmurfs
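Reading the DROP line from the post above field by field, as an added example that is not part of the original thread: the Shorewall log prefix names the chain and the disposition, and the key=value fields give interface, protocol and ports. The sample line is constructed after the one in the post, with documentation-range addresses and a made-up MAC standing in for the values missing from the page; the function names are hypothetical.

```python
import re

# Constructed sample modelled on the syslog line in the post. SRC, DST and
# MAC are placeholders (documentation ranges), not the poster's values.
SAMPLE = (
    "Jan 14 14:39:14 tuxserv kernel: [17179738.128000] "
    "Shorewall:net2fw:DROP:IN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=126 "
    "ID=3504 DF PROTO=TCP SPT=1340 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0"
)

# Default Shorewall log prefix: "Shorewall:<chain>:<disposition>:"
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
# Bare tokens netfilter logs without a value: the IP DF bit and TCP flags.
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}


def parse_shorewall_line(line):
    """Return a dict for one Shorewall kernel log line, or None if it is not one."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rest = line[m.end():]
    rec = {"chain": m["chain"], "disposition": m["disposition"]}
    rec.update(dict(FIELD.findall(rest)))  # empty values (OUT=) stay ""
    rec["flags"] = sorted(t for t in rest.split() if t in FLAGS)
    # Zone-pair chains are named <source>2<dest>; "fw" is the firewall zone.
    # Assumption: zone names themselves contain no "2".
    if "2" in rec["chain"]:
        rec["src_zone"], rec["dst_zone"] = rec["chain"].split("2", 1)
    return rec


def summarize(rec):
    """One-line summary: which zone pair handled which connection attempt."""
    # A packet logged in <zone>2fw was treated as addressed to the firewall;
    # one rewritten by a DNAT rule towards loc is filtered in net2loc instead.
    dst = rec.get("dst_zone")
    target = "the firewall itself" if dst == "fw" else f"zone {dst}"
    return (f"{rec['disposition']} in {rec['chain']}: {rec['PROTO']} "
            f"{rec['SRC']}:{rec['SPT']} -> {rec['DST']}:{rec['DPT']} "
            f"on {rec['IN']}, addressed to {target}")


if __name__ == "__main__":
    print(summarize(parse_shorewall_line(SAMPLE)))
```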
Old 15th January 2007, 19:37
falko

So you cannot connect from your network to your network?
What's the output of
on your server?