[Shorewall-users] Re: Problem with H323 traffic using PPTP over Shorewall.

Tom Eastep teastep@shorewall.net
Fri, 5 Apr 2002 06:02:59 -0800 (Pacific Standard Time)


In the future, please post your questions to the mailing list. I'm copying
the list with my response so that will appear in the archives.

On 5 Apr 2002, Srikrishnan Chitoor wrote:

> Hi:
>   I have a setup wherein the main server is running Shorewall and PPTP
> Server. The local network is 192.168.1.* and it connects to Internet
> using a Static IP (Cable Modem).
>   I am able to establish VPN connection from outside and access all
> inside resources.
>   However, when I try to use Netmeeting to have a voice chat, voice
> travels only one way (From outside to inside). The voice from Inside
> cannot be heard outside.
>   I looked at tcpdump for possible problems and the only error message I
> got to see was following:
> 17:04:24.367833 > ip-proto-46 168
> 17:04:24.367833 > icmp:
> protocol 46 unreachable.
>   Looks like some stuff from inside to outside is not allowed by
> Firewall.

A couple of things:

a) since the PPTP tunnel isn't dependent on masquerading, you could
"shorewall clear" then see if you still see the same problem (I'm betting
that you do since to my knowledge, Netfilter doesn't generate protocol
unreachable ICMP responses).

b) it is that is generating the icmp response -- I assume
that is the remote address in the PPP connection? If so, that also
suggests that it isn't the firewall that is generating the response.

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net