Re: [Shorewall-users] Shorewall not starting

2017-01-25 Thread Philip Le Riche
Thanks Matt and Roberto - I'll try the systemctl commands next time I go into school (not until next week now). And it looks like I somehow didn't install shorewall-init at home - not sure why. Regards - Philip On 25/01/2017 17:30, Matt Darfeuille wrote: > On 1/25/2017 6:06 PM, Philip Le Riche

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Tom Eastep
On 01/25/2017 11:29 AM, Robert K Coffman Jr. -Info From Data Corp. wrote: >> seem to be a way for me to push up a route to the server > > That doesn't seem to be desirable behavior - any client could > effectively DOS the box. The admin of the

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 2:36:23 PM MST Robert K Coffman Jr. -Info From Data Corp. wrote: > > tun0 VPN_NET > > Your source would be your local LAN, and I believe you want to > masquerade the traffic through tun0 if that is the tunnel you are using: > > tun0 eth1 (or some variation

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 2:29:09 PM MST Robert K Coffman Jr. -Info From Data Corp. wrote: > > seem to be a way for me to push up a route to the server > > That doesn't seem to be desirable behavior - any client could > effectively DOS the box. The admin of the server needs to make that

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Robert K Coffman Jr. -Info From Data Corp.
> tun0 VPN_NET Your source would be your local LAN, and I believe you want to masquerade the traffic through tun0 if that is the tunnel you are using: tun0 eth1 (or some variation that defines your local LAN) - Bob

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Robert K Coffman Jr. -Info From Data Corp.
> seem to be a way for me to push up a route to the server That doesn't seem to be desirable behavior - any client could effectively DOS the box. The admin of the server needs to make that change. - Bob

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 12:08:36 PM MST Thomas Fjellstrom wrote: > On Wednesday, January 25, 2017 10:17:47 AM MST Tom Eastep wrote: > > On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote: > > > On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez > > > > > > wrote: > > >> On Wed,

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 10:17:47 AM MST Tom Eastep wrote: > On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote: > > On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez > > > > wrote: > >> On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom > >> > >> wrote: > >>> I'm

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Tom Eastep
On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote: > On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez > wrote: >> On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom >> wrote: >>> I'm basically getting what I had before: >>>

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez wrote: > On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom wrote: > > I'm basically getting what I had before: > > > > lan# ping VPNINTHOST > > > > fw# tcpdump -i eth0 host VPNGW > > 09:46:47.60 IP MYIP.57800 >

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Roberto C . Sánchez
On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom wrote: > > I'm basically getting what I had before: > > lan# ping VPNINTHOST > > fw# tcpdump -i eth0 host VPNGW > 09:46:47.60 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85 > 09:46:48.646222 IP MYIP.57800 >

Re: [Shorewall-users] Shorewall not starting

2017-01-25 Thread Matt Darfeuille
On 1/25/2017 6:06 PM, Philip Le Riche wrote: > > I've checked that STARTUP_ENABLED=Yes is still in my shorewall.conf, and > though I'm not familiar with systemd, I've checked that > shorewall.service in /lib/systemd/system is the same between home and > school setups. However, at school I also

Re: [Shorewall-users] Shorewall not starting

2017-01-25 Thread Roberto C . Sánchez
On Wed, Jan 25, 2017 at 05:06:38PM +, Philip Le Riche wrote: > I got my Shorewall installation (defending a school network from a > Raspberry Pi farm, with 3rd unfiltered Internet connection) working at > home on an equivalent network though with different network addresses, > and

[Shorewall-users] Shorewall not starting

2017-01-25 Thread Philip Le Riche
I got my Shorewall installation (defending a school network from a Raspberry Pi farm, with 3rd unfiltered Internet connection) working at home on an equivalent network though with different network addresses, and transferred the config files to school. After correcting a couple of really stoopid

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 9:18:11 AM MST Thomas Fjellstrom wrote: > On Wednesday, January 25, 2017 10:54:23 AM MST Roberto C. Sánchez wrote: > > On Wed, Jan 25, 2017 at 08:23:07AM -0700, Thomas Fjellstrom wrote: > > > Hi. > > > > > > I'm having a minor problem setting up shorewall to

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Roberto C . Sánchez
On Wed, Jan 25, 2017 at 08:23:07AM -0700, Thomas Fjellstrom wrote: > Hi. > > I'm having a minor problem setting up shorewall to properly route and allow > openvpn traffic through my firewall. > > I'd like the openvpn client to be running on the firewall, and allow local > machines to connect

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 10:59:43 AM MST Robert K Coffman Jr. -Info From Data Corp. wrote: > > So far I have traffic that is getting sent out my public connection to the > > openvpn server, but nothing comes back according to `tcpdump -i extIF host > > VPNGATEWAY`. Nothing shows up in the

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 10:54:23 AM MST Roberto C. Sánchez wrote: > On Wed, Jan 25, 2017 at 08:23:07AM -0700, Thomas Fjellstrom wrote: > > Hi. > > > > I'm having a minor problem setting up shorewall to properly route and > > allow > > openvpn traffic through my firewall. > > > > I'd like

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Robert K Coffman Jr. -Info From Data Corp.
> So far I have traffic that is getting sent out my public connection to the > openvpn server, but nothing comes back according to `tcpdump -i extIF host > VPNGATEWAY`. Nothing shows up in the logs stating traffic has been blocked. > policy is set up to log on the final DROP and REJECT rules.

[Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
Hi. I'm having a minor problem setting up shorewall to properly route and allow openvpn traffic through my firewall. I'd like the openvpn client to be running on the firewall, and allow local machines to connect to and communicate with the private subnet on the other side of the vpn, but not

Re: [Shorewall-users] shorewall 5.0.14.1 not creating DOCKER nat chain?

2017-01-25 Thread Raphael Bauduin
On Wed, Jan 25, 2017 at 1:50 AM, Tom Eastep wrote: > On 01/24/2017 03:40 AM, Raphael Bauduin wrote: > > Hi, > > > > I'm running shorewall 5.0.14.1 on centos 7.3.1611, and I have > > enabled docker in shorewall.conf: > >