I have a problem with my shorewall policy. There are 4 zones configured in shorewall but the policy vpn2vpn:accept doesn't work. I want to establish connections between PPTP clients. They are dropped when using the current policy.
However, if I change the all2all policy at the end of the policy file to all2all:accept, it works. I have no idea why, as there are no zones missing in the policy file.
You can find the syslog entry that is generated by the last policy (all all DROP info) below.
Does someone know what is missing in the policy file?
shorewall policy:
#SOURCE DEST POLICY LOG LEVEL
fw fw ACCEPT
fw net ACCEPT
fw dmz DROP
fw vpn ACCEPT
dmz dmz ACCEPT
dmz net ACCEPT
dmz fw ACCEPT
dmz vpn ACCEPT
net fw DROP
net dmz DROP
net vpn DROP
vpn fw ACCEPT
vpn dmz ACCEPT
vpn vpn ACCEPT
vpn net ACCEPT
all all DROP info
shorewall zones:
#ZONE TYPE
fw firewall
net ipv4
dmz ipv4
vpn ipv4
shorewall interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect blacklist,nosmurfs
dmz venet0 detect routeback
dmz vmbr0 detect routeback
vpn ppp+
syslog:
Dec 5 12:39:48 W137 kernel: Shorewall:FORWARD:DROP:IN=ppp0 OUT=ppp1 SRC=192.168.210.100 DST=192.168.210.101 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=5769 DF PROTO=TCP SPT=4307 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
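Added example, not part of the original post: the logged drop carries the prefix Shorewall:FORWARD:DROP, i.e. it was taken in the FORWARD chain's catch-all (the all all DROP info policy) rather than in a vpn2vpn chain, so no vpn2vpn rule matched a packet entering on ppp0 and leaving on ppp1. The shorewall-interfaces(5) man page states that the routeback option is also required when a wildcard is used in the INTERFACE column and traffic between the interfaces matching that wildcard should be allowed. The fragment below shows the posted interfaces line next to a version with routeback; the "-" placeholder in the BROADCAST column is an assumption (any valid value for a point-to-point interface will do), and it assumes the rest of the posted configuration is unchanged.

```text
#ZONE INTERFACE BROADCAST OPTIONS
net   eth0      detect    blacklist,nosmurfs
dmz   venet0    detect    routeback
dmz   vmbr0     detect    routeback

# As posted: without routeback, Shorewall generates no vpn2vpn rule for
# packets that enter on one ppp interface and leave on another, so they
# fall through to the FORWARD chain's catch-all (all all DROP info).
#vpn  ppp+

# With routeback: per shorewall-interfaces(5), routeback also covers
# traffic between interfaces that match the ppp+ wildcard (ppp0 -> ppp1),
# so the vpn vpn ACCEPT policy applies to it.
# ("-" in the BROADCAST column is an assumed placeholder.)
vpn   ppp+      -         routeback
```

After editing the interfaces file, `shorewall check` validates the configuration and `shorewall restart` applies it; a second attempt to reach 192.168.210.101:3389 from 192.168.210.100 should then no longer produce the Shorewall:FORWARD:DROP entry in syslog.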