Hello, I set up an Ubuntu server for my local network. The only problem I have is connecting from outside via pptp. Everything is configured the same way as in your Howto. But I'm using a 192.168.2.0 network and the IP address of my server is 192.168.2.1, because I have an existing 192.168.1.0 network. From that network the server gets its IP address, netmask and gateway via DHCP.

Connecting from 192.168.2.0 is no problem. Connecting from 192.168.1.0 is also OK when the firewall is shut down. But when the firewall is up, "tail -f /var/log/syslog" shows messages like this:

Code:

    Jan 14 14:39:14 tuxserv kernel: [17179738.128000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:xx:31:xx:xx:5f:00:16:b6:ed:e1:ed:08:00 SRC=192.168.1.1 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3504 DF PROTO=TCP SPT=1340 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0

That is my /etc/shorewall/rules:

Code:

    #ACTION         SOURCE  DEST              PROTO   DEST    SOURCE   ORIGINAL  RATE   USER/
    #                                                 PORT    PORT(S)  DEST      LIMIT  GROUP
    #                                                 PORT    PORT(S)  DEST      LIMIT  GROUP
    #
    # Accept DNS connections from the firewall to the network
    #
    ACCEPT          net     $FW               tcp     25
    ACCEPT          net     $FW               tcp     443
    ACCEPT          net     $FW               tcp     993
    ACCEPT          net     $FW               udp     6277
    DNAT            net     loc:192.168.2.1   tcp     1723
    DNAT            net     loc:192.168.2.1   47
    DNS/ACCEPT      $FW     net
    #
    # Accept SSH connections from the local network for administration
    #
    SSH/ACCEPT      loc     $FW
    #
    # Allow Ping from the local network
    #
    Ping/ACCEPT     loc     $FW
    #
    # Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
    #

That is my /etc/shorewall/interfaces:

Code:

    #ZONE   INTERFACE   BROADCAST   OPTIONS
    net     eth0        detect      dhcp,tcpflags,routefilter,nosmurfs,logmartians
    loc     eth1        detect      tcpflags,detectnets,nosmurfs
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

So you cannot connect from your 192.168.1.0 network to your 192.168.2.0 network? What's the output of

Code:

    ifconfig

on your server?