[Shorewall-users] help with a W2K VPN client 619 error and PPTP server

Tom Eastep teastep at shorewall.net
Fri Sep 24 08:48:28 PDT 2004


On Friday 24 September 2004 08:14, David Macklem wrote:
> Tom,
>
> Thanks for your help and quick feedback.
>
> That sounds like a reasonable explanation.  Unfortunately, though, I
> changed the tunnels file as per your suggestion but ran into the same
> symptoms.
>
> I'm in the process of trying to figure out how to enable the connection
> tracking/NAT extensions in my 2.6 kernel.  (Although I'm using the latest
> Mandrake 10 kernel, 2.6.8.1-q10, I think I have to do some Kconfig
> modifications to make these options available in the config file.  More on
> this later, if I make any progress.)
>
> FWIW, I've included the output from 'shorewall status' after trying to
> connect run with the above tunnels mods.
>

Doesn't look to me like you have defined the tunnel any differently:

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               
destination         
   32  6755 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
state RELATED,ESTABLISHED 
   10   650 ACCEPT     47   --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
tcp dpt:1723 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
udp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
tcp dpt:53 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
icmp type 8 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
multiport dports 80,443,20,21 
    4   192 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

The 'source' column for the second and third rule should have !<server ip 
address> in them.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


More information about the Shorewall-users mailing list