[Shorewall-users] forwarding ppp - ppp
teastep at shorewall.net
Wed Dec 10 06:34:30 PST 2003
On Wednesday 10 December 2003 02:04 am, Marius Stan wrote:
Please send your post only once -- posting the same problem/question multiple
times doesn't speed up a response and tends to annoy people.
> I have set up a pptp VPN server on the firewall, with the vpn users in a
> separate zone as in
> http://www.shorewall.net/PPTP.htm#ServerFW, "Remote Users in a Separate
> Zone" guide.
> I don't want to give the vpn users access to my loc, net or dmz zones, I
> just want them to be able to see each other.
> If I try to ping one from another I get this:
> Dec 10 11:52:28 gateway kernel: Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp1
> SRC=192.168.97.234 DST=192.168.97.236 LEN=60 TOS=0x00 PREC=0x00 TTL=127
> ID=11705 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=2560
> Where should I put the rule to enable the above traffic ?
> I already placed the rule
> vpn vpn ACCEPT
> in my policy file, but with no results.
I assume that in /etc/shorewall/interfaces you have:
vpn ppp+ -
You need to add the 'routeback' option to that entry.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
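
The diagnosis in the reply can be checked mechanically. The following is an added example, not part of the original message and not Shorewall code: it reads a Shorewall log line and the text of /etc/shorewall/interfaces, and reports when a logged FORWARD packet entered and left through interfaces covered by a single entry that lacks 'routeback'. The function names, the constructed file contents, and the column order ZONE INTERFACE BROADCAST OPTIONS are assumptions.

```python
import re

# Log line quoted in the post, joined onto one line.
LOG_LINE = ("Dec 10 11:52:28 gateway kernel: Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp1 "
            "SRC=192.168.97.234 DST=192.168.97.236 LEN=60 TOS=0x00 PREC=0x00 TTL=127 "
            "ID=11705 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=2560")

# Constructed file contents: the entry assumed in the reply, then with the fix.
# Assumed column order: ZONE INTERFACE BROADCAST OPTIONS.
INTERFACES_BEFORE = "#ZONE INTERFACE BROADCAST OPTIONS\nvpn ppp+ -\n"
INTERFACES_AFTER = "#ZONE INTERFACE BROADCAST OPTIONS\nvpn ppp+ - routeback\n"

LOG_RE = re.compile(r"Shorewall:(\w+):(\w+):IN=(\S*) OUT=(\S*)")


def parse_interfaces(text):
    """Return [(zone, interface_pattern, options)] from interfaces-file text."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line or comment
        opts = fields[3] if len(fields) > 3 else "-"
        entries.append((fields[0], fields[1], set() if opts == "-" else set(opts.split(","))))
    return entries


def match_entry(ifname, entries):
    """First entry covering ifname; a trailing '+' is a wildcard (ppp+ covers ppp0)."""
    for entry in entries:
        pattern = entry[1]
        if pattern == ifname or (pattern.endswith("+") and ifname.startswith(pattern[:-1])):
            return entry
    return None


def missing_routeback(log_line, interfaces_text):
    """Return (zone, pattern) if a logged FORWARD packet entered and left through
    interfaces covered by one entry that lacks 'routeback'; otherwise None."""
    m = LOG_RE.search(log_line)
    if not m or m.group(1) != "FORWARD":
        return None
    entries = parse_interfaces(interfaces_text)
    entry_in, entry_out = match_entry(m.group(3), entries), match_entry(m.group(4), entries)
    if entry_in is None or entry_in != entry_out or "routeback" in entry_in[2]:
        return None
    return entry_in[0], entry_in[1]


if __name__ == "__main__":
    print("before:", missing_routeback(LOG_LINE, INTERFACES_BEFORE))
    print("after: ", missing_routeback(LOG_LINE, INTERFACES_AFTER))
```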