I just did the "Set Up Ubuntu-Server 6.10 As A Firewall/Gateway For Your Small Business Environment" howto and I am having problems connecting to the VPN server, and wondered if anyone had any ideas. Here is the log.

    Jan 18 13:06:47 fireviper pptpd[23519]: MGR: Manager process started
    Jan 18 13:06:47 fireviper pptpd[23519]: MGR: Maximum of 10 connections available
    Jan 18 13:06:52 fireviper kernel: [42960346.620000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:d0:b7:0e:70:f1:08:00 SRC= DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31844 DF PROTO=TCP SPT=59081 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan 18 13:06:55 fireviper kernel: [42960349.620000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:d0:b7:0e:70:f1:08:00 SRC=1 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31846 DF PROTO=TCP SPT=59081 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan 18 13:07:01 fireviper kernel: [42960355.650000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:d0:b7:0e:70:f1:08:00 SRC= DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31853 DF PROTO=TCP SPT=59081 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0

OK, after shutting down the firewall I was able to connect to the VPN server, so I know that it is a problem with my firewall. I just don't know how to put the rule in there to connect to the firewall.

Found the Answer

Finally found the answer. Here is how I was able to get it to work, just in case anyone else has the same problem.

Add these lines to the files:

/etc/shorewall/tunnels:

    #TYPE        ZONE   GATEWAY     GATEWAY ZONE
    pptpserver   net    0.0.0.0/0

/etc/shorewall/interfaces:

    #ZONE   INTERFACE   BROADCAST   OPTIONS
    loc     ppp+

If you have a single external IP address, add the following to your /etc/shorewall/rules file:

/etc/shorewall/rules:

    #ACTION   SOURCE   DEST                   PROTO   DEST PORT(S)
    DNAT      net      loc:<server address>   tcp     1723
    DNAT      net      loc:<server address>   47

If you have multiple external IP addresses and you want to forward a single <external address>, add the following to your /etc/shorewall/rules file:

/etc/shorewall/rules:

    #ACTION   SOURCE   DEST                   PROTO   DEST PORT(S)   SOURCE    ORIGINAL
    #                                                                PORT(S)   DEST
    DNAT      net      loc:<server address>   tcp     1723           -         <external address>
    DNAT      net      loc:<server address>   47      -              -         <external address>

You will also want to add this entry to your /etc/shorewall/masq file:

    #INTERFACE             SUBNET             ADDRESS              PROTO
    <external interface>   <server address>   <external address>   47

Important: Be sure that the above entry comes before any other entry that might match the server's address.
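
A quick way to confirm from the firewall log which part of PPTP is being blocked, as an added example that is not part of the original posts: this Python sketch parses Shorewall log lines in the `Shorewall:<chain>:<disposition>:` format and counts dropped PPTP control (TCP 1723) and data (GRE, protocol 47) packets per chain. The sample lines, the addresses in them and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Shorewall's kernel-log format; the addresses are
# documentation-range placeholders, not values taken from the thread.
SAMPLE_LOG = """\
Jan 18 13:06:52 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.2.1 LEN=48 PROTO=TCP SPT=59081 DPT=1723 SYN URGP=0
Jan 18 13:06:55 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.2.1 LEN=48 PROTO=TCP SPT=59081 DPT=1723 SYN URGP=0
Jan 18 13:07:10 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.2.1 LEN=61 PROTO=47
Jan 18 13:07:12 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Jan 18 13:07:15 fw pptpd[23519]: MGR: Manager process started
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<verdict>[A-Z]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=)

def parse_line(line):
    """Return the packet fields of a Shorewall log line, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = dict(FIELD.findall(m.group("rest")))
    rec["chain"], rec["verdict"] = m.group("chain"), m.group("verdict")
    return rec

def pptp_kind(rec):
    """Classify a packet as PPTP control or data traffic, else None."""
    if rec.get("PROTO") == "TCP" and rec.get("DPT") == "1723":
        return "control (tcp/1723)"
    if rec.get("PROTO") in ("47", "GRE"):
        return "data (GRE, protocol 47)"
    return None

def blocked_pptp(log_text):
    """Count dropped or rejected PPTP packets per (chain, kind, source)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["verdict"] in ("DROP", "REJECT"):
            kind = pptp_kind(rec)
            if kind:
                hits[(rec["chain"], kind, rec.get("SRC", ""))] += 1
    return hits

if __name__ == "__main__":
    for (chain, kind, src), n in sorted(blocked_pptp(SAMPLE_LOG).items()):
        print(f"{n} x PPTP {kind} blocked in chain {chain} from {src or '<no SRC>'}")
```

Hits in a chain ending in `2fw` mean the packets were addressed to the firewall itself, which is the situation shown in the log at the top of the thread.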