[Shorewall-users] forwarding ppp - ppp

Tom Eastep teastep at shorewall.net
Wed Dec 10 06:34:30 PST 2003

On Wednesday 10 December 2003 02:04 am, Marius Stan wrote:

Please send your post only once -- posting the same problem/question multiple 
times doesn't speed up a response and tends to annoy people.

> I have set up a pptp VPN server on the firewall, with the vpn users in a
> separate zone as in
> http://www.shorewall.net/PPTP.htm#ServerFW, "Remote Users in a Separate
> Zone" guide.
> I don't want to give the vpn users access to my loc, net or dmz zones, I
> just want them to be able to see each other.
> If I try to ping one from another I get this:
> Dec 10 11:52:28 gateway kernel: Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp1
> SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=127
> ID=11705 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=2560
> Where should I put the rule to enable the above traffic ?
> I already placed the rule
> vpn             vpn             ACCEPT
> in my policy file, but with no results.

I assume that in /etc/shorewall/interfaces you have:

vpn	ppp+	-	

You need to add the 'routeback' option to that entry.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
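
The following is an added example, not part of the original message or of Shorewall itself: a small Python check that reads Shorewall log lines and flags rejected or dropped packets forwarded between two interfaces covered by the same /etc/shorewall/interfaces entry when that entry lacks 'routeback'. It assumes the ZONE / INTERFACE / BROADCAST / OPTIONS column layout of the entry quoted above; the sample data and function names are constructed for illustration.

```python
import re

# Constructed sample data: the interfaces entry quoted in the reply and a log
# line shaped like the one in the question (SRC/DST are empty on the page).
INTERFACES = "vpn\tppp+\t-\n"
LOG = ("Dec 10 11:52:28 gateway kernel: Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp1 "
       "SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=11705 PROTO=ICMP TYPE=8 CODE=0\n")

LOG_RE = re.compile(
    r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):IN=(?P<inif>\S*) OUT=(?P<outif>\S*)")

def parse_interfaces(text):
    """Return [(zone, pattern, options_set)] from interfaces-file text."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        has_opts = len(fields) > 3 and fields[3] != "-"
        opts = set(fields[3].split(",")) if has_opts else set()
        entries.append((fields[0], fields[1], opts))
    return entries

def match_entry(ifname, entries):
    """First entry matching ifname; a trailing '+' acts as a wildcard."""
    for entry in entries:
        pat = entry[1]
        if pat == ifname or (pat.endswith("+") and ifname.startswith(pat[:-1])):
            return entry
    return None

def missing_routeback(log_text, interfaces_text):
    """List (in_if, out_if, zone, pattern) for each rejected/dropped packet
    whose IN and OUT interfaces fall under one entry without 'routeback'."""
    entries = parse_interfaces(interfaces_text)
    findings = []
    for m in LOG_RE.finditer(log_text):
        if m["disp"] not in ("REJECT", "DROP") or not m["inif"] or not m["outif"]:
            continue
        src = match_entry(m["inif"], entries)
        dst = match_entry(m["outif"], entries)
        if src is not None and src is dst and "routeback" not in src[2]:
            findings.append((m["inif"], m["outif"], src[0], src[1]))
    return findings

if __name__ == "__main__":
    for in_if, out_if, zone, pat in missing_routeback(LOG, INTERFACES):
        print(f"{in_if} -> {out_if}: zone '{zone}' entry '{pat}' lacks routeback")
```

A finding is a candidate only: the same log line can also result from a missing intra-zone policy or rule, so check both before changing the entry.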
