Hello, I set up an Ubuntu server for my local network. The only problem I have is connecting from outside via PPTP. Everything is configured the same way as in your howto. But I am using a 192.168.2.0 network and the IP address of my server is 192.168.2.1, because I have an existing 192.168.1.0 network. From that network the server gets its IP address, netmask and gateway via DHCP. Connecting from 192.168.2.0 is no problem. Connecting from 192.168.1.0 is also OK when the firewall is shut down. But when the firewall is up, "tail -f /var/log/syslog" shows messages like this:
Code:
Jan 14 14:39:14 tuxserv kernel: [17179738.128000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:xx:31:xx:xx:5f:00:16:b6:ed:e1:ed:08:00 SRC=192.168.1.1 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3504 DF PROTO=TCP SPT=1340 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
This is my /etc/shorewall/rules:
Code:
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
#
# Accept DNS connections from the firewall to the network
#
ACCEPT net $FW tcp 25
ACCEPT net $FW tcp 443
ACCEPT net $FW tcp 993
ACCEPT net $FW udp 6277
DNAT net loc:192.168.2.1 tcp 1723
DNAT net loc:192.168.2.1 47
DNS/ACCEPT $FW net
#
# Accept SSH connections from the local network for administration
#
SSH/ACCEPT loc $FW
#
# Allow Ping from the local network
#
Ping/ACCEPT loc $FW
#
# Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
#
This is my /etc/shorewall/interfaces:
Code:
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc eth1 detect tcpflags,detectnets,nosmurfs
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
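As an added triage helper (not part of the post or of the howto it refers to), the POSIX shell script below parses a Shorewall log line like the one above into its zone pair, verdict, protocol, destination and port, and prints the /etc/shorewall/rules entry that would have matched the dropped packet. It assumes the firewall's own addresses are listed in FW_ADDRS (eth1 = 192.168.2.1 as stated in the post); the GRE sample line is constructed.

```shell
#!/bin/sh
# Triage helper for Shorewall DROP lines (added example, not from the post).
# It splits a log line into chain, verdict and packet fields and prints the
# rules entry that would have matched the dropped packet.

# Sample from the post (MAC field left as posted).
SAMPLE_TCP='Jan 14 14:39:14 tuxserv kernel: [17179738.128000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:xx:31:xx:xx:5f:00:16:b6:ed:e1:ed:08:00 SRC=192.168.1.1 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3504 DF PROTO=TCP SPT=1340 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0'
# Constructed GRE sample: protocol 47 carries the PPTP tunnel and has no ports.
SAMPLE_GRE='Jan 14 14:39:20 tuxserv kernel: [17179744.000000] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=126 ID=3505 DF PROTO=47'

# Assumption: addresses owned by the firewall itself (eth1 = 192.168.2.1).
FW_ADDRS="192.168.2.1"

# field NAME LINE: value of the NAME=value token, empty if absent.
field() { printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n1; }

# chain_of LINE / action_of LINE: the zone pair (net2fw) and the verdict (DROP).
chain_of()  { printf '%s\n' "$1" | sed -n 's/.*Shorewall:\([^:]*\):\([A-Z]*\):.*/\1/p'; }
action_of() { printf '%s\n' "$1" | sed -n 's/.*Shorewall:\([^:]*\):\([A-Z]*\):.*/\2/p'; }

# is_fw_addr IP: success when IP is one of the firewall's own addresses.
is_fw_addr() {
    for a in $FW_ADDRS; do
        if [ "$a" = "$1" ]; then return 0; fi
    done
    return 1
}

# suggest LINE: the rules entry that matches the packet. Traffic addressed to the
# firewall's own IP is judged in the <src>2fw chain; a DNAT to a loc: host never
# applies there, so such a packet needs an ACCEPT <src> $FW entry instead.
suggest() {
    chain=$(chain_of "$1")
    src_zone=${chain%2*}; dst_zone=${chain#*2}
    proto=$(field PROTO "$1" | tr 'A-Z' 'a-z')
    dst=$(field DST "$1"); dport=$(field DPT "$1")
    if [ "$dst_zone" = fw ] && is_fw_addr "$dst"; then
        rule="ACCEPT $src_zone \$FW $proto"
    else
        rule="ACCEPT $src_zone $dst_zone:$dst $proto"
    fi
    if [ -n "$dport" ]; then rule="$rule $dport"; fi
    printf '%s\n' "$rule"
}

# Stand-alone run: report both samples.
for line in "$SAMPLE_TCP" "$SAMPLE_GRE"; do
    printf '%s %s -> %s\n' "$(chain_of "$line")" "$(action_of "$line")" "$(suggest "$line")"
done
```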