One more quick question.

We are running a PPTP server behind shorewall.
The default policy is
Loc     net     DROP

The rules are:
#Inbound VPN
DNAT    net     loc:{local PPTP server}  tcp  1723
DNAT    net     loc:{local PPTP server}  47   -

#Outbound VPN

ACCEPT  loc     net     tcp     1723
ACCEPT  loc     net     47      -

The problem is that I have a user that is logged into our VPN from a remote
site. This user then came into work and is attempting to connect back into
his system at the remote location. The firewall is blocking him from doing
this.
Here is a snip from the logs.

loc2net DROP eth1 eth0 24.78.108.194 24.81.104.187 ICMP   (OS fingerprint)

Can anyone tell me if there is a way to allow this user to connect to his
system from our network?

Many thanks in advance!

Troy

-----Original Message-----
From: Troy Aden [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 11:37 AM
To: Leaf-User (E-mail)
Subject: [leaf-user] Shorewall questions

I have a quick newbie shorewall question.
In my setup I have several static routes from several internal routers going to
the shorewall box.

The external interface (eth0) has the external IP. But the internal
interface has to be able to recognize 8 separate subnets as internal IPs and
treat them as the local zone.
I suspect that I would have to make changes to the shorewall/interfaces file
and add all of these subnets to the eth1 interface. Can anyone confirm this
for me? Also I have reviewed the docs and I can't seem to find an example of
the appropriate syntax to make entries like this in the shorewall/interfaces
file.

Thanks in advance.


Troy


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

