Hello.
I have a remote server (Ubuntu 14.04, Shorewall 4.5.21) with one physical
interface, eth0. This server is an IPSEC/L2TP client.
L2TP tunnel interface:
ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1410 qdisc pfifo_fast
state UNKNOWN group default qlen 3
link/ppp
inet 192.168.1.160 peer 192.168.1.254/32 scope global ppp0
valid_lft forever preferred_lft forever
Shorewall config.
Interfaces:
- lo ignore
net eth0 dhcp,physical=+,routeback,optional,routefilter
l2tp ppp0
Zones:
fw firewall
net ipv4
vpn ipsec
l2tp ipv4
Tunnels:
ipsec net xx.xx.xx.xx vpn
Hosts:
vpn eth0:0.0.0.0/0
Policy:
$FW all ACCEPT
vpn net NONE
net vpn NONE
l2tp all ACCEPT
net all DROP info
all all REJECT info
When the l2tp tunnel is up, traffic through ppp0 counts as net2fw:
Jun 17 18:05:06 server kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC=
SRC=192.168.1.1 DST=192.168.1.160 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=63204
DF PROTO=TCP SPT=57205 DPT=3128 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 17 18:05:06 server kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC=
SRC=192.168.1.1 DST=192.168.1.160 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=49828
DF PROTO=TCP SPT=57207 DPT=3128 WINDOW=29200 RES=0x00 SYN URGP=0
I wonder what I missed? Why does ppp0 traffic not belong to the l2tp zone
(IN=ppp0, but the net2fw chain)?
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
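Added example (not from the original post or from Shorewall itself): a small Python checker that parses Shorewall kernel log lines of the form shown above, maps the IN/OUT interface to a zone using the posted interfaces file (eth0 -> net, ppp0 -> l2tp, empty OUT -> the firewall itself), and reports lines whose chain name does not match the zone pair you would expect from the interface. This is the check behind the question in the post: a packet arriving on ppp0 should be logged under an l2tp2fw chain, not net2fw. The sample log lines are constructed from the two lines in the post, joined back onto single lines, plus one constructed eth0 line for contrast.

```python
import re
from dataclasses import dataclass

# Interface -> zone mapping copied from the posted /etc/shorewall/interfaces.
# "fw" is the firewall zone name used for an empty OUT= (packet addressed to
# the host itself). Assumption: standard <src>2<dst> chain naming.
INTERFACE_ZONES = {
    "eth0": "net",
    "ppp0": "l2tp",
}
FW_ZONE = "fw"

# Shorewall log prefix: "Shorewall:<chain>:<disposition>:" followed by
# netfilter's KEY=VALUE fields (and bare flags such as DF or SYN).
LOG_RE = re.compile(
    r"Shorewall:(?P<chain>[A-Za-z0-9_]+):(?P<disposition>[A-Z]+):(?P<fields>.*)$"
)

@dataclass
class ShorewallLogEntry:
    chain: str
    disposition: str
    fields: dict

def parse_log_line(line):
    """Return a ShorewallLogEntry for a Shorewall log line, or None if the
    line is not a Shorewall log message."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    fields = {}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value          # e.g. IN=ppp0, OUT= (empty), DPT=3128
        else:
            fields[token] = True         # bare flags: DF, SYN, ...
    return ShorewallLogEntry(m.group("chain"), m.group("disposition"), fields)

def expected_chain(entry, zones=INTERFACE_ZONES, fw=FW_ZONE):
    """Chain name the packet should have hit given its interfaces, or None
    if the ingress interface is not in the zone map."""
    src_zone = zones.get(entry.fields.get("IN") or "")
    if src_zone is None:
        return None
    # Empty OUT means the packet was destined to the firewall host.
    dst_zone = zones.get(entry.fields.get("OUT") or "", fw)
    return f"{src_zone}2{dst_zone}"

def find_zone_mismatches(lines):
    """Return (line_no, actual_chain, expected_chain) for every parsed line
    whose logged chain disagrees with the interface-derived zone pair."""
    mismatches = []
    for line_no, line in enumerate(lines, start=1):
        entry = parse_log_line(line)
        if entry is None:
            continue
        expected = expected_chain(entry)
        if expected is not None and expected != entry.chain:
            mismatches.append((line_no, entry.chain, expected))
    return mismatches

# Constructed sample: the two lines from the post (rejoined) plus one eth0 line.
SAMPLE_LOG = [
    "Jun 17 18:05:06 server kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= "
    "SRC=192.168.1.1 DST=192.168.1.160 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=63204 "
    "DF PROTO=TCP SPT=57205 DPT=3128 WINDOW=29200 RES=0x00 SYN URGP=0",
    "Jun 17 18:05:06 server kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= "
    "SRC=192.168.1.1 DST=192.168.1.160 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=49828 "
    "DF PROTO=TCP SPT=57207 DPT=3128 WINDOW=29200 RES=0x00 SYN URGP=0",
    # constructed line: traffic on eth0 logged under net2fw, which is consistent
    "Jun 17 18:05:07 server kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC= "
    "SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 "
    "DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0",
]

if __name__ == "__main__":
    for line_no, actual, expected in find_zone_mismatches(SAMPLE_LOG):
        print(f"line {line_no}: logged in {actual}, expected {expected}")
```

Running it on the sample prints the two ppp0 lines as mismatches (logged in net2fw, expected l2tp2fw) and stays silent on the eth0 line. Feeding it `journalctl -k` or /var/log/kern.log output lets you see at a glance which interfaces are landing in an unexpected zone chain while you compare against `shorewall show zones`.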