https://qa.mandrakesoft.com/show_bug.cgi?id=1293
Product: shorewall
Component: program
Summary: Gateway fails to work + breaks ADSL pptp in my case
Version: 1.3.13-1mdk
Platform: PC
OS/Version: All
Status: UNCONFIRMED
Severity: major
Priority: P2
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
- ADSL PPTP works like a charm until drakgw is configured; basically the same
issues as in 9.0: iptables(/shorewall) breaks the ADSL connexion.
Symptoms:
PING 10.0.0.138 [ADSL device]
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
In logs:
dhcpd: send_packet: Operation not permitted
When doing an iptables stop, I can relaunch the internet connexion properly, but
of course no IP forwarding is available.
I had a quick look at how shorewall works. So far I could make ADSL + IP
forwarding (drakgw) work by changing the following configuration files:
BTW The structure of the network is as follows:
___________________________________
Internet
^
|
v
ADSL device (pptp) on 10.0.0.138
^
| ppp0 through eth0 (ethernet link)
|
v
[ Machine 1:
10.0.0.1 on eth0
192.168.0.1 on eth1
dynamic IP on ppp0]
eth1 <-> HUB (local network on 192.168.0)
____________________________________
Modified configuration files:
1) /etc/shorewall/interfaces
------------------------------
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 detect
masq eth0 detect
loc eth1 detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
2) /etc/shorewall/masq
-------------------------
#INTERFACE SUBNET ADDRESS
ppp0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
3) /etc/shorewall/policy
--------------------------
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
masq net ACCEPT
loc net ACCEPT
fw net ACCEPT
net all DROP info
all all ACCEPT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
4) Also added:
----------------
CLAMPMSS=Yes
to shorewall.conf (I read it's recommended with ADSL connexions, but I don't
know the real impact)
Note: this configuration might be a bit permissive, and certainly can be
improved, but it works, at least with the configuration shown above.
By the way, when trying to configure drakgw through drakconf (automatic), I get
the following messages. The "unknown interface" error occurs when shorewall restarts
with 192.168.0.0/255.255.255.0 in /etc/shorewall/masq (this is the autogenerated value).
________
Error: Unknown interface 192.168.0.0/255.255.255.0
/sbin/service: line 148: 2889 Terminated $debug $servicedir/$service $options
Arrêt de dhcpd : [ OK ]
Arrêt de named : [ OK ]
Error: Unknown interface 192.168.0.0/255.255.255.0
Error: Unknown interface 192.168.0.0/255.255.255.0
________
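
The report notes that this policy file "might be a bit permissive". The following added example (not part of the original report and not Shorewall's own code) resolves the effective default policy for each zone pair and lists the pairs that are accepted only through the final "all all ACCEPT" line. It assumes policy lines are matched in file order with the first match winning, that the firewall zone is named "fw", and it ignores intra-zone traffic and any exceptions in /etc/shorewall/rules.

```python
# Added example: audit a Shorewall policy file for zone pairs that end up
# ACCEPTed only because of a wildcard ("all") line.
from itertools import permutations

# Policy lines copied from the report above.
POLICY = """\
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
masq net ACCEPT
loc net ACCEPT
fw net ACCEPT
net all DROP info
all all ACCEPT info
"""

# Zones from the report's interfaces file, plus the firewall zone "fw"
# (assumption: default firewall zone name).
ZONES = ["net", "masq", "loc", "fw"]


def parse_policy(text):
    """Return (source, dest, policy) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rules.append((fields[0], fields[1], fields[2].upper()))
    return rules


def effective_policy(rules, src, dst):
    """First rule whose SOURCE and DEST match, literally or via 'all'."""
    for r_src, r_dst, action in rules:
        if r_src in (src, "all") and r_dst in (dst, "all"):
            return action, (r_src, r_dst)
    return None, None


def wildcard_accepts(rules, zones):
    """Zone pairs that are ACCEPTed only because a rule with 'all' matched."""
    findings = []
    for src, dst in permutations(zones, 2):  # intra-zone pairs are skipped
        action, matched = effective_policy(rules, src, dst)
        if action == "ACCEPT" and "all" in matched:
            findings.append((src, dst))
    return findings


if __name__ == "__main__":
    for src, dst in wildcard_accepts(parse_policy(POLICY), ZONES):
        print(f"{src} -> {dst}: ACCEPT via catch-all")
```

Each pair it reports (for example loc -> fw) is a candidate for an explicit policy line, so that the last line of the file can become a logged REJECT or DROP.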