Hi Tom
Thank you for your response...
I checked the shorewall.conf file, and I found this line:
IP_FORWARDING=Keep
Maybe I have to change it to IP_FORWARDING=yes?
Thanks
Best Regards
On Wed, 2008-10-22 at 10:29 -0700, Tom Eastep wrote:
> Gilberto Nunes wrote:
> > Hi all
> >
> > I have a firewall host working very well...
> > I am setting up openvpn on this firewall...
> > My VPN is working in bridge mode.
> > I have these interfaces:
> >
> > br0 inet addr:172.168.1.1 Bcast:172.168.1.255 Mask:255.255.255.0
> > eth0 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0
> > eth2 inet6 addr: fe80::217:9aff:fe7f:c7ec/64 Scope:Link
> > tap0 inet6 addr: fe80::2ff:31ff:fe46:207d/64 Scope:Link
> >
> > /etc/network/interfaces is:
> > # The primary network interface
> > auto eth0
> > iface eth0 inet static
> > address 10.1.1.5
> > network 10.1.1.0
> > netmask 255.255.255.0
> > broadcast 10.1.1.255
> > gateway 10.1.1.1
> >
> > auto br0
> > iface br0 inet static
> > address 172.168.1.1
> > netmask 255.255.255.0
> > pre-up /usr/sbin/openvpn --mktun --dev tap0
> > pre-up /sbin/ip link set tap0 up
> > pre-up /sbin/ip link set eth2 up
> > pre-up /usr/sbin/brctl addbr br0
> > pre-up /usr/sbin/brctl addif br0 eth2
> > pre-up /usr/sbin/brctl addif br0 tap0
> > pre-down /usr/sbin/brctl delif br0 eth2
> > pre-down /sbin/ip link set eth2 down
> > pre-down /usr/sbin/brctl delif br0 tap0
> > pre-down /sbin/ip link set tap0 down
> > post-down /usr/sbin/brctl delbr br0
> > post-down /usr/sbin/openvpn --rmtun --dev tap0
> >
> > Route table:
> >
> > [EMAIL PROTECTED]:/etc/shorewall# route -n
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 172.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
> > 10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
> > 0.0.0.0         10.1.1.1        0.0.0.0         UG    100    0        0 eth0
> >
> > I have this in the shorewall interfaces file:
> >
> > #loc eth2
> > loc br0 detect routeback
> > net eth0 detect tcpflags,routefilter,nosmurfs,logmartians
> >
> > What is happening is:
> >
> > When I have the bridge interface up (i.e. br0), my clients inside the
> > LAN can't surf the web, only via the squid proxy.
> > Another problem that appears now is that all my DNAT rules don't work
> > any more:
> > I tried this in the rules file:
> >
> > DNAT net loc:172.168.1.20 tcp 3389
> > DNAT net loc:172.168.1.20 tcp 4899
> >
> > But it doesn't work...
> >
> > What can I do?
>
> Be sure that IP_FORWARDING=On in shorewall.conf. If that isn't the
> problem then please submit another problem report as described at
> http://www.shorewall.net/support.htm#Guidelines
>
> -Tom
> _______________________________________________ Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
--
Gilberto Nunes
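An added example, not part of the thread and not Shorewall's own code: a small POSIX shell script that reads the IP_FORWARDING value from a shorewall.conf-style file and shows what each value does to the kernel's net.ipv4.ip_forward flag at "shorewall start". With Keep, Shorewall leaves the flag exactly as it finds it, so a host that boots with forwarding disabled (the kernel default is 0) never forwards, and DNAT to a LAN host such as 172.168.1.20 cannot work because the translated packets are never routed; with Yes/On, Shorewall turns forwarding on itself. The file paths are arguments so the script runs offline against constructed sample files rather than the live /etc/shorewall/shorewall.conf and /proc/sys/net/ipv4/ip_forward.

```sh
#!/bin/sh
# Added example, not code from the thread or from Shorewall itself.
# It models what IP_FORWARDING in shorewall.conf means for the kernel's
# net.ipv4.ip_forward flag, so the difference between "Keep" and
# "Yes"/"On" can be seen on constructed input.
# Assumption: file paths are passed as arguments so the functions can be
# run against sample files instead of the live /etc/shorewall/shorewall.conf
# and /proc/sys/net/ipv4/ip_forward.

# Print the bare IP_FORWARDING value from a shorewall.conf-style file
# (last assignment wins; quotes, trailing comments and whitespace stripped).
shorewall_ip_forwarding() {
    sed -n 's/^[[:space:]]*IP_FORWARDING=\([^#]*\).*/\1/p' "$1" \
        | tail -n 1 | tr -d "\"'[:space:]"
}

# What Shorewall does to ip_forward at "shorewall start" for a given value:
# Yes/On -> enable, No/Off -> disable, Keep -> leave the kernel setting alone.
forwarding_action() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        yes|on) echo enable ;;
        no|off) echo disable ;;
        keep)   echo keep ;;
        *)      echo unknown ;;
    esac
}

# Resulting ip_forward value after start: $1 = IP_FORWARDING value,
# $2 = file holding the kernel's current flag (0 or 1).
effective_forwarding() {
    current=$(tr -d '[:space:]' < "$2")
    case "$(forwarding_action "$1")" in
        enable)  echo 1 ;;
        disable) echo 0 ;;
        keep)    echo "$current" ;;
        *)       echo "$current" ;;   # unrecognised value: modelled here as leaving the flag unchanged
    esac
}

# Constructed sample: the poster's setting (Keep) on a kernel that booted
# with forwarding disabled, which is the kernel default.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'STARTUP_ENABLED=Yes\nIP_FORWARDING=Keep\n' > "$tmp/shorewall.conf"
printf '0\n' > "$tmp/ip_forward"

value=$(shorewall_ip_forwarding "$tmp/shorewall.conf")
echo "shorewall.conf says IP_FORWARDING=$value -> action: $(forwarding_action "$value")"
echo "ip_forward after start with Keep: $(effective_forwarding "$value" "$tmp/ip_forward")"
echo "ip_forward after start with Yes:  $(effective_forwarding Yes "$tmp/ip_forward")"
```

On a live host, point the second argument at /proc/sys/net/ipv4/ip_forward (or simply `cat` it): a 0 there together with IP_FORWARDING=Keep is the situation Tom's reply warns about, and IP_FORWARDING=On (or Yes) makes Shorewall set the flag at start. The bridge and the DNAT rules themselves are outside what this example checks.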