[Shorewall-users] Shorewall 4.4.0 and OpenVPN

Sun, 23 Aug 2009 05:45:21 -0700 

Hi
I've just installed Shorewall 4.4.0 on my system. It's look like that:

Box with Linux 2.6 with:
ath0 interface with public ip (x.x.x.x)
eth0 interface with internal ip (192.168.111.1) used as gateway for my
home network

and I am trying to set up OpenVPN tunnel with my work network from this
box

tun0 interface with internal ip (10.8.5.254) end point (at work)
10.8.5.253 - OpenVPN connects with remote system ip y.y.y.y

I've some problems with this stuff. I set up shorewall and computers
from network 192.168.111.0
can use ath0 as default gateway for internet (masq).
Also found doc (shorewall.net) and set up vpn connection but still got
for exmaple:

kernel: martian source 10.8.5.254 from 212.77.100.101, on dev tun0

while ping via tun interface ( ping -c 5 -I tun0 www.wp.pl).

First question what is wrong in my configuration?
/etc/shorewall/interfaces:
net     ath0            detect
tcpflags,routefilter,nosmurfs,logmartians,blacklist
vpn     tun0            detect
tcpflags,routefilter,nosmurfs,blacklist
loc     eth0            detect
dhcp,maclist,tcpflags,nosmurfs,blacklist

/etc/shorewall/zones
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4

/etc/shorewall/policy
loc     vpn     ACCEPT
vpn     loc     ACCEPT
fw     vpn     ACCEPT
vpn     fw     ACCEPT
loc     net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
# THE FOLLOWING POLICY MUST BE LAST
all     all     REJECT  info

/etc/shorewall/tunnels
openvpn:4672            net     y.y.y.y

/etc/shorewall/masq
ath0    eth0

Second question:
I want to masquerade packets from host 192.168.111.21 (from my local
network) via OpenVPN tunnel defined in /etc/shorewall/tunnels.
Other host still should use eth0. 

So in /etc/shorewall/masq I add
tun0    196.168.111.21
ath0    eth0

But it's not working. Again am I missing something?






------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to