[Shorewall-users] PPTP through the firewall

Tom Eastep teastep@shorewall.net
Wed, 16 Jan 2002 09:27:14 -0800


On Wednesday 16 January 2002 08:49 am, Arjan J. Molenaar wrote:
> Hi,
>
> I'm using Shorewall to configure a firewall (RedHat 7.2) for a company I
> work for. It works great, but I'm having some troubles with setting up
> PPTP though.
>
> My configuration is as follows: the (test)firewall is the only linuxish
> thing in the network, all the rest in Microsoft stuff. The users want to
> log on to the corporate network over the internet, so some RAS
> functionality was added to one of the (windows) servers. If I test it
> over the local network everything works fine (a VPN connection is
> created, or at least windows tells me it is). If I try to access the
> network from the internet I get timeouts.
> I turned on all logging on the firewall and noticed that packages were
> accepted by the firewall and sent to the appropriate server:
>
> Jan 16 17:06:19 test-firewall kernel: Shorewall:net2loc:ACCEPT:IN=eth1
> OUT=eth0 SRC=212.123.198.144 DST=192.168.10.2 LEN=48 TOS=0x00 PREC=0x00
> TTL=127 ID=12089 DF PROTO=TCP SPT=2634 DPT=1723 WINDOW=16384 RES=0x00
> SYN URGP=0
>
> ...but no data is going back. There are no restrictions on
> local->internet traffic. I've read the document on the homepage and
> added the rules to the shorewall/rules file:
>
> ACCEPT:6 net loc:$LOC_SERVER2 tcp 1723  -  all
> ACCEPT:6 net loc:$LOC_SERVER2 gre 47    -  all

That should be:

ACCEPT	net	loc:$LOC_SERVER2	gre	-	-	all

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
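An added example, not from the thread or from the Shorewall project: a small linter for Shorewall 1.x `rules` lines that catches the two PPTP mistakes above, a port number in the DEST PORT column of a GRE rule, and a tcp/1723 rule with no well-formed GRE rule for the same source and destination. The column layout (ACTION SOURCE DEST PROTO DEST PORT CLIENT PORT ORIG DEST) and the sample lines are assumptions taken from the message.

```python
# Assumed Shorewall 1.x rules column layout (from the reply above).
COLUMNS = ["action", "source", "dest", "proto", "dport", "sport", "origdest"]
# IP protocols that carry no port numbers; GRE is protocol 47, so "gre 47" is the classic slip.
PORTLESS = {"gre": "47", "esp": "50", "ah": "51"}
# Accept either the name or the number in the PROTO column and normalize to the name.
PROTO_ALIAS = {**{k: k for k in PORTLESS}, **{v: k for k, v in PORTLESS.items()}}

def parse_rule(line):
    """Split one rules line into a dict; return None for blank and comment lines."""
    body = line.split("#", 1)[0].strip()
    if not body:
        return None
    cols = body.split()
    cols += ["-"] * (len(COLUMNS) - len(cols))             # pad missing trailing columns
    rule = dict(zip(COLUMNS, cols))
    rule["action"] = rule["action"].split(":", 1)[0].upper()  # drop a log level such as ACCEPT:6
    proto = rule["proto"].lower()
    rule["proto"] = PROTO_ALIAS.get(proto, proto)
    return rule

def lint_rules(text):
    """Return a list of (line_no, message) findings for a rules file given as a string."""
    findings, rules = [], []
    for n, line in enumerate(text.splitlines(), 1):
        r = parse_rule(line)
        if r:
            rules.append((n, r))
    # Mistake 1: a port column filled in for a protocol that has no ports.
    for n, r in rules:
        if r["proto"] in PORTLESS:
            for col in ("dport", "sport"):
                if r[col] != "-":
                    findings.append((n, f"{r['proto']} has no ports; column {col} must be '-' (got {r[col]})"))
    # Mistake 2: PPTP control channel (tcp/1723) accepted without a valid GRE rule for the same pair.
    gre_ok = {(r["source"], r["dest"]) for _, r in rules
              if r["proto"] == "gre" and r["dport"] == "-" and r["sport"] == "-"}
    for n, r in rules:
        if r["action"] == "ACCEPT" and r["proto"] == "tcp" and r["dport"] == "1723":
            if (r["source"], r["dest"]) not in gre_ok:
                findings.append((n, "tcp/1723 accepted but no valid GRE rule for the same source/dest"))
    return findings

# Constructed samples: the two lines from the question, then the corrected pair from the reply.
BROKEN = "ACCEPT:6 net loc:$LOC_SERVER2 tcp 1723  -  all\nACCEPT:6 net loc:$LOC_SERVER2 gre 47    -  all\n"
FIXED = "ACCEPT:6 net loc:$LOC_SERVER2 tcp 1723 - all\nACCEPT   net loc:$LOC_SERVER2 gre -    - all\n"

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_rules(text) or "OK")
```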