Hi,

It's my first time writing on the list, for one question:

If this isn't the correct place, please tell me and ignore this message.

I have multiple Shorewall instances configured across my networks, but I have a
problem with one of them:
First, here is a schema:

------------      ------------
|          |      |          |
|   VPN1   |      |   VPN2   |
|          |      |          |
------------      ------------
           |      |
         ------------      ------------
         |          |      |          |
         |    FW    |------|   eth0   |
         |          |      |          |
         ------------      ------------
           |      |
------------      ------------
|          |      |          |
|   VPN3   |      |   VPN4   |
|          |      |          |
------------      ------------
The concept is simple. I have 4 VPN connections, and one LAN on eth0.

All VPNs can connect to the LAN, and the LAN can connect to the VPNs.

My problem is when I try to send a packet from one VPN to another. The
machines have the routes configured correctly, but the FW rejects these
packets.

My configuration is:

zones:
PPTP    ipv4
interfaces:
PPTP    ppp+
policy:
PPTP            all             ACCEPT

But when I try to send a ping from VPN1 to VPN2, I receive this log entry on the
FW:
Sep 14 16:57:35 fw kernel: [12250627.652278] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp2 SRC=192.168.101.202 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2538 SEQ=1
I don't know what the problem is, but I need to allow forwarded traffic between
ppp interfaces. I've tried to declare each interface with this config:

/etc/shorewall/zones:

#ZONE           TYPE
vpn1            ipv4
vpn2            ipv4
vpn3            ipv4

/etc/shorewall/interfaces:

#ZONE          INTERFACE         BROADCAST        OPTIONS
-              ppp+

/etc/shorewall/hosts:

#ZONE          HOST(S)                   OPTIONS
vpn1           ppp+:192.168.1.0/24
vpn2           ppp+:192.168.2.0/24
vpn3           ppp+:192.168.3.0/24

(Obviously changing the IP configuration)
And, adding:

policy:
VPN1            all             ACCEPT
VPN2            all             ACCEPT
VPN3            all             ACCEPT
But in this case I can connect FW->VPN, but the reverse (VPN->FW) doesn't
work. Obviously, the communication between VPNs doesn't work either.

Thanks,

http://maqui.darkbolt.net/
Linux registered user ~#363219
PGP keys available at KeyServ. ID: 0x4233E9F2
We humans are slaves of history
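As an added example (not from the poster or from the Shorewall project), here is a Python script that parses kernel log lines in the Shorewall:CHAIN:ACTION format quoted above, tallies FORWARD rejects per IN/OUT interface pair, and flags pairs where both interfaces fall under one wildcard entry such as ppp+, which is the ppp0 -> ppp2 situation in the post. The log lines are constructed, modelled on the one quoted.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase
# Constructed sample lines modelled on the post's entry; lines 3-4 are invented variants.
SAMPLE_LOG = """\
Sep 14 16:57:35 fw kernel: [12250627.652278] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp2 SRC=192.168.101.202 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2538 SEQ=1
Sep 14 16:57:36 fw kernel: [12250628.652301] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp2 SRC=192.168.101.202 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2538 SEQ=2
Sep 14 16:58:01 fw kernel: [12250653.100000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.9 DST=192.168.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 14 16:58:05 fw kernel: [12250657.000000] Shorewall:FORWARD:REJECT:IN=ppp1 OUT=eth0 SRC=192.168.102.5 DST=192.168.100.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
"""

ENTRY_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # key=value tokens; bare flags (DF, SYN) are skipped

def parse_line(line):
    """Return chain, action and the key=value fields of one Shorewall log line, or None."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    entry = {"chain": m.group("chain"), "action": m.group("action")}
    entry.update(FIELD_RE.findall(m.group("fields")))  # for ICMP the second ID= (ICMP id) wins
    return entry

def same_wildcard(iface_a, iface_b, wildcards):
    """True if both interfaces match one Shorewall wildcard such as ppp+ (trailing + = prefix)."""
    for wc in wildcards:
        pattern = wc[:-1] + "*" if wc.endswith("+") else wc
        if fnmatchcase(iface_a, pattern) and fnmatchcase(iface_b, pattern):
            return True
    return False

def summarize_rejects(log_text, wildcards=("ppp+",)):
    """Count FORWARD REJECT/DROP per (IN, OUT) pair; flag pairs inside one wildcard interface."""
    counts, flagged = Counter(), set()
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e or e["chain"] != "FORWARD" or e["action"] not in ("REJECT", "DROP"):
            continue
        pair = (e.get("IN", ""), e.get("OUT", ""))
        counts[pair] += 1
        if same_wildcard(*pair, wildcards):
            flagged.add(pair)
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = summarize_rejects(SAMPLE_LOG)
    for (iif, oif), n in counts.most_common():
        mark = "  <- both ends inside one wildcard interface" if (iif, oif) in flagged else ""
        print(f"{n:4d}  IN={iif:<6} OUT={oif:<6}{mark}")
```

Feed it the FW's kernel log instead of SAMPLE_LOG to see which interface pairs the FORWARD chain is rejecting and whether they sit inside the same wildcard entry.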
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users