OK, setting the routeback parameter on interfaces is working fine.

My running (and OK) configuration is now:

interfaces:
PPTP    ppp+            -               routeback

Thanks for all.

http://maqui.darkbolt.net/
Linux registered user ~#363219
PGP keys available at KeyServ. ID: 0x4233E9F2
We men are slaves to history
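As an added example (not from the thread or the Shorewall project), a small Python checker for the situation discussed below: it parses a Shorewall REJECT log line and an /etc/shorewall/interfaces table, and reports whether the rejected FORWARD flow enters and leaves through interfaces matched by the same wildcard entry (ppp0 and ppp2 both matching ppp+) that lacks the routeback option. The sample log line and the two interfaces tables are constructed from the text quoted in the thread.

```python
import re
# Constructed sample: the REJECT line quoted in the thread, re-joined onto one line.
SAMPLE_LOG = (
    "Sep 14 16:57:35 fw kernel: [12250627.652278] "
    "Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp2 SRC=192.168.101.202 "
    "DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 "
    "CODE=0 ID=2538 SEQ=1"
)
# Constructed /etc/shorewall/interfaces contents: before and after the fix from the thread.
INTERFACES_BEFORE = "#ZONE   INTERFACE       BROADCAST       OPTIONS\nPPTP    ppp+\n"
INTERFACES_AFTER = "PPTP    ppp+            -               routeback\n"
LOG_RE = re.compile(r"Shorewall:(?P<chain>\w+):(?P<disp>\w+):(?P<fields>.*)$")


def parse_log(line):
    """Return the chain, disposition and KEY=VALUE fields of a Shorewall log line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disp")}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec.setdefault(key, val)  # ID= appears twice; keep the IP-header one
    return rec


def parse_interfaces(text):
    """Parse ZONE INTERFACE BROADCAST OPTIONS rows; '-' or a missing column means no options."""
    rows = []
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 2:
            continue
        opts = cols[3].split(",") if len(cols) > 3 and cols[3] != "-" else []
        rows.append({"zone": cols[0], "interface": cols[1], "options": opts})
    return rows


def iface_matches(pattern, name):
    """Shorewall wildcard: a trailing '+' matches every interface with that prefix."""
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else name == pattern


def diagnose(log_line, interfaces_text):
    """Does a rejected FORWARD flow enter and leave through the same interfaces entry?"""
    rec = parse_log(log_line)
    if rec is None or rec["chain"] != "FORWARD" or "OUT" not in rec:
        return None
    for row in parse_interfaces(interfaces_text):
        if iface_matches(row["interface"], rec["IN"]) and iface_matches(row["interface"], rec["OUT"]):
            return {"entry": row["interface"], "zone": row["zone"], "same_entry": True,
                    "needs_routeback": "routeback" not in row["options"]}
    return {"same_entry": False, "needs_routeback": False}
```

Run against the original table the checker flags the ppp0 to ppp2 ping as a same-entry forward without routeback; with the corrected table it does not.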


On Tue, Sep 14, 2010 at 18:31, David López Zajara (Er_Maqui) <er_ma...@darkbolt.net> wrote:

> Well,
>
> My actual running configuration is this:
> zones:
> PPTP    ipv4
> interfaces:
> PPTP    ppp+
> policy:
> PPTP            all             ACCEPT
>
> The hosts file is empty. I didn't change the IP addresses because these
> lines are from the Shorewall manual; I've tried with them. But at the moment of
> writing the mail, this config is disabled.
>
> I'm attaching the dump.
>
>
> Regards,
>
> http://maqui.darkbolt.net/
> Linux registered user ~#363219
> PGP keys available at KeyServ. ID: 0x4233E9F2
> We men are slaves to history
>
>
> On Tue, Sep 14, 2010 at 17:28, Tom Eastep <teas...@shorewall.net> wrote:
>
>> On 9/14/10 8:05 AM, David López Zajara (Er_Maqui) wrote:
>> > Hi,
>> >
>> > It's my first time writing on the list, with one question:
>> >
>> > If this isn't the correct site, please tell me and ignore the message.
>> >
>> > I have multiple Shorewalls configured across my networks, but I have one
>> > problem with one of them:
>> > First, I include a schema:
>> >
>> > ------------      ------------
>> > |          |      |          |
>> > |   VPN1   |      |   VPN2   |
>> > |          |      |          |
>> > ------------      ------------
>> >            |      |
>> >          ------------      ------------
>> >          |          |      |          |
>> >          |    FW    |------|   eth0   |
>> >          |          |      |          |
>> >          ------------      ------------
>> >            |      |
>> > ------------      ------------
>> > |          |      |          |
>> > |   VPN3   |      |   VPN4   |
>> > |          |      |          |
>> > ------------      ------------
>> > The concept is simple. I have 4 VPN connections, and one LAN on eth0.
>> >
>> > All VPNs can connect to the LAN, and the LAN can connect to the VPNs.
>> >
>> > My problem is when I try to send a packet from one VPN to another. The
>> > machines have the routes configured correctly, but the FW rejects these
>> > packets.
>> >
>> > My configuration is:
>> >
>> > zones:
>> > PPTP    ipv4
>> > interfaces:
>> > PPTP    ppp+
>> > policy:
>> > PPTP            all             ACCEPT
>> >
>> > But when I try to send a ping from VPN1 to VPN2, I receive this log on the
>> > FW:
>> > Sep 14 16:57:35 fw kernel: [12250627.652278] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp2 SRC=192.168.101.202 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2538 SEQ=1
>> > I don't know what the problem is, but I need to allow traffic forwarding
>> > between the ppp interfaces. I've tried to declare each interface with this
>> > config:
>>
>> 192.168.101.202 is not in any of your defined zones.
>>
>> >
>> >
>> > /etc/shorewall/zones:
>> >
>> > #ZONE           TYPE
>> > vpn1            ipv4
>> > vpn2            ipv4
>> > vpn3            ipv4
>> >
>> > /etc/shorewall/interfaces:
>> >
>> > #ZONE          INTERFACE         BROADCAST        OPTIONS
>> > -              ppp+
>> >
>> > /etc/shorewall/hosts:
>> >
>> > #ZONE          HOST(S)                   OPTIONS
>> > vpn1           ppp+:192.168.1.0/24
>> > vpn2           ppp+:192.168.2.0/24
>> > vpn3           ppp+:192.168.3.0/24
>> >
>> > (Obviously changing the IP configuration)
>>
>> WHY? IP addresses are not secrets!
>>
>> Hiding your real addresses just slows down the solution to your problem.
>> As I mentioned above, 192.168.101.202 isn't in any of your zones. That
>> would cause the message that you are seeing, but I suspect you just
>> messed up changing the addresses.
>>
>> > And, adding:
>> >
>> > policy:
>> > VPN1            all             ACCEPT
>> > VPN2            all             ACCEPT
>> > VPN3            all             ACCEPT
>>
>> > But in this case, I can connect FW->VPN, but the reverse case doesn't
>> > work (VPN->FW).
>>
>> Obviously, the communication between VPNs doesn't work either.
>>
>> You can try adding the 'routeback' option to each of your entries in
>> /etc/shorewall/hosts. But with the information you have given us, it's
>> hard to know exactly what the problem is.
>>
>> If that doesn't correct the problem, please follow the instructions at
>> http://www.shorewall.net/support.htm#Guidelines when posting a follow-up
>> report.
>>
>> Thanks,
>> -Tom
>> --
>> Tom Eastep        \ When I die, I want to go like my Grandfather who
>> Shoreline,         \ died peacefully in his sleep. Not screaming like
>> Washington, USA     \ all of the passengers in his car
>> http://shorewall.net \________________________________________________
>>
>>
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>