Gentoo Forums
shorewall, nat, windows xp vpn, and the devil.
Gentoo Forums Forum Index -> Networking & Security
thdrcat
n00b


Joined: 30 Mar 2004
Posts: 43

PostPosted: Wed Nov 02, 2005 8:40 am    Post subject: shorewall, nat, windows xp vpn, and the devil.

I have searched and searched and searched and PM'd and googled for an answer to no avail. I am to the point where I am going to attempt to sell my soul, but I doubt it will help.

[Windows XP]
|
|
\/
[Gentoo box]
|
|
|
\/
Cable modem ------> internet ------> vpn server

This is my networking setup. The internet works, my traffic shaping works, my samba works, my awesome "mkissue" script works, snmpd works, mythtv works, et cetera, ad nauseam.

What DOES NOT work is when I try to use the built-in Windows VPN client (PPTP) to reach my university's VPN server. The connection hangs at "verifying username and password", then I receive an error 619.

Hold tight for everything you could ever want to know about said machine:

Code:

stitch ~ # uname -a
Linux stitch 2.6.14-gentooEaglesNest #1 PREEMPT Wed Nov 2 01:33:09 CST 2005 i686 AMD Athlon(tm) AuthenticAMD GNU/Linux


Code:

stitch ~ # lsmod
Module                  Size  Used by
ip_conntrack_pptp       8784  0
ip_gre                 10272  0
ppp_deflate             4864  0
zlib_deflate           22424  1 ppp_deflate
zlib_inflate           17408  1 ppp_deflate
bsd_comp                5376  0
ppp_async               9024  0
crc_ccitt               1728  1 ppp_async
ppp_generic            25620  3 ppp_deflate,bsd_comp,ppp_async
slhc                    6208  1 ppp_generic
sch_ingress             3460  1
cls_fw                  3968  3
cls_u32                 6916  3
sch_htb                15872  1
ipt_ipp2p               7616  1
ipt_MASQUERADE          2560  1
ipt_REJECT              4224  4
ipt_LOG                 5952  10
ipt_state               1472  14
ipt_pkttype             1344  4
iptable_raw             1536  0
ipt_CONNMARK            1792  0
ipt_MARK                2048  14
ipt_connmark            1344  0
ipt_owner               1728  0
ipt_recent              9612  0
ipt_iprange             1472  0
ipt_multiport           2240  0
ipt_conntrack           2048  3
iptable_mangle          2112  1
ip_nat_irc              1920  0
ip_nat_tftp             1344  0
ip_nat_ftp              2688  0
iptable_nat             6660  1
ip_nat                 15924  5 ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat
ip_conntrack_irc        5232  1 ip_nat_irc
ip_conntrack_tftp       3128  1 ip_nat_tftp
ip_conntrack_ftp        6320  1 ip_nat_ftp
ip_conntrack           44784  12 ip_conntrack_pptp,ipt_MASQUERADE,ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp
iptable_filter          2176  1
ip_tables              20160  18 ipt_ipp2p,ipt_MASQUERADE,ipt_REJECT,ipt_LOG,ipt_state,ipt_pkttype,iptable_raw,ipt_CONNMARK,ipt_MARK,ipt_connmark,ipt_owner,ipt_recent,ipt_iprange,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter
uhci_hcd               30736  0
floppy                 56132  0
ehci_hcd               30536  0
ohci_hcd               19780  0
i2c_nforce2             5824  0
i2c_core               17808  1 i2c_nforce2
usbcore               109632  4 uhci_hcd,ehci_hcd,ohci_hcd


Code:

stitch ~ # ./confcat /etc/make.conf
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -fomit-frame-pointer -O2 -pipe"
CXXFLAGS="${CFLAGS}"
USE="amd apache2 authdaemond cli dba innodb ithreads javascript lm_sensors \
     maildir mmx moznocompose moznoirc moznomail mythtv nptl offensive \
     openssh operanom2 pcre pear php postfix pthreads session sftp sse \
     threads usb userlocales -arts -gpm -ipv6 -kde"
ACCEPT_KEYWORDS="~x86"
PORTDIR=/usr/portage
DISTDIR=${PORTDIR}/distfiles
PKGDIR=${PORTDIR}/packages
PORT_LOGDIR=/var/log/portage
PORTDIR_OVERLAY=/usr/local/portage
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
RSYNC_RETRIES="3"
RSYNC_TIMEOUT=180
AUTOCLEAN="yes"
MAKEOPTS="-j1"
PORTAGE_NICENESS=3
CCACHE_SIZE="2G"
LIRC_OPTS="--with-x --with-driver=hauppauge --with-major=61 --with-port=none --with-irq=none"


Code:

stitch ~ # ./confcat /usr/src/linux/.config
CONFIG_X86=y
CONFIG_SEMAPHORE_SLEEPERS=y
CONFIG_MMU=y
CONFIG_UID16=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_IOMAP=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_EXPERIMENTAL=y
CONFIG_CLEAN_COMPILE=y
CONFIG_BROKEN_ON_SMP=y
CONFIG_LOCK_KERNEL=y
CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_LOCALVERSION="EaglesNest"
CONFIG_LOCALVERSION_AUTO=y
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_POSIX_MQUEUE=y
CONFIG_SYSCTL=y
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
CONFIG_HOTPLUG=y
CONFIG_KOBJECT_UEVENT=y
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_INITRAMFS_SOURCE=""
CONFIG_KALLSYMS=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_EPOLL=y
CONFIG_SHMEM=y
CONFIG_CC_ALIGN_FUNCTIONS=0
CONFIG_CC_ALIGN_LABELS=0
CONFIG_CC_ALIGN_LOOPS=0
CONFIG_CC_ALIGN_JUMPS=0
CONFIG_BASE_SMALL=0
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_MODULE_FORCE_UNLOAD=y
CONFIG_OBSOLETE_MODPARM=y
CONFIG_KMOD=y
CONFIG_X86_PC=y
CONFIG_MK7=y
CONFIG_X86_CMPXCHG=y
CONFIG_X86_XADD=y
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_X86_WP_WORKS_OK=y
CONFIG_X86_INVLPG=y
CONFIG_X86_BSWAP=y
CONFIG_X86_POPAD_OK=y
CONFIG_X86_GOOD_APIC=y
CONFIG_X86_INTEL_USERCOPY=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_USE_3DNOW=y
CONFIG_PREEMPT=y
CONFIG_PREEMPT_BKL=y
CONFIG_X86_UP_APIC=y
CONFIG_X86_UP_IOAPIC=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
CONFIG_X86_TSC=y
CONFIG_X86_MCE=y
CONFIG_X86_MCE_NONFATAL=y
CONFIG_X86_MCE_P4THERMAL=y
CONFIG_DCDBAS=m
CONFIG_HIGHMEM4G=y
CONFIG_HIGHMEM=y
CONFIG_SELECT_MEMORY_MODEL=y
CONFIG_FLATMEM_MANUAL=y
CONFIG_FLATMEM=y
CONFIG_FLAT_NODE_MEM_MAP=y
CONFIG_MTRR=y
CONFIG_SECCOMP=y
CONFIG_HZ_250=y
CONFIG_HZ=250
CONFIG_PHYSICAL_START=0x100000
CONFIG_PM=y
CONFIG_ACPI=y
CONFIG_ACPI_SLEEP=y
CONFIG_ACPI_SLEEP_PROC_FS=y
CONFIG_ACPI_AC=y
CONFIG_ACPI_BATTERY=y
CONFIG_ACPI_BUTTON=y
CONFIG_ACPI_VIDEO=y
CONFIG_ACPI_FAN=y
CONFIG_ACPI_PROCESSOR=y
CONFIG_ACPI_THERMAL=y
CONFIG_ACPI_ASUS=y
CONFIG_ACPI_IBM=y
CONFIG_ACPI_TOSHIBA=y
CONFIG_ACPI_BLACKLIST_YEAR=0
CONFIG_ACPI_EC=y
CONFIG_ACPI_POWER=y
CONFIG_ACPI_SYSTEM=y
CONFIG_X86_PM_TIMER=y
CONFIG_PCI=y
CONFIG_PCI_GOANY=y
CONFIG_PCI_BIOS=y
CONFIG_PCI_DIRECT=y
CONFIG_PCI_MMCONFIG=y
CONFIG_PCI_LEGACY_PROC=y
CONFIG_ISA_DMA_API=y
CONFIG_ISA=y
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_AOUT=y
CONFIG_BINFMT_MISC=y
CONFIG_NET=y
CONFIG_PACKET=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_FIB_HASH=y
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
CONFIG_TCP_CONG_BIC=y
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_EVENTS=y
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_PPTP=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_REALM=m
CONFIG_IP_NF_MATCH_SCTP=m
CONFIG_IP_NF_MATCH_DCCP=m
CONFIG_IP_NF_MATCH_COMMENT=m
CONFIG_IP_NF_MATCH_CONNMARK=m
CONFIG_IP_NF_MATCH_CONNBYTES=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_MATCH_STRING=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_TARGET_NFQUEUE=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CONNMARK=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_NET_SCHED=y
CONFIG_NET_SCH_CLK_JIFFIES=y
CONFIG_NET_SCH_CBQ=m
CONFIG_NET_SCH_HTB=m
CONFIG_NET_SCH_HFSC=m
CONFIG_NET_SCH_PRIO=m
CONFIG_NET_SCH_RED=m
CONFIG_NET_SCH_SFQ=m
CONFIG_NET_SCH_TEQL=m
CONFIG_NET_SCH_TBF=m
CONFIG_NET_SCH_GRED=m
CONFIG_NET_SCH_DSMARK=m
CONFIG_NET_SCH_NETEM=m
CONFIG_NET_SCH_INGRESS=m
CONFIG_NET_QOS=y
CONFIG_NET_ESTIMATOR=y
CONFIG_NET_CLS=y
CONFIG_NET_CLS_BASIC=m
CONFIG_NET_CLS_TCINDEX=m
CONFIG_NET_CLS_ROUTE4=m
CONFIG_NET_CLS_ROUTE=y
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
CONFIG_CLS_U32_PERF=y
CONFIG_NET_CLS_POLICE=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
CONFIG_PARPORT=m
CONFIG_PARPORT_PC=m
CONFIG_PNP=y
CONFIG_PNPACPI=y
CONFIG_BLK_DEV_FD=m
CONFIG_BLK_DEV_RAM_COUNT=16
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_AS=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDEDISK=y
CONFIG_IDEDISK_MULTI_MODE=y
CONFIG_BLK_DEV_IDECD=m
CONFIG_IDE_GENERIC=y
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_IDEPCI_SHARE_IRQ=y
CONFIG_BLK_DEV_GENERIC=y
CONFIG_BLK_DEV_IDEDMA_PCI=y
CONFIG_IDEDMA_PCI_AUTO=y
CONFIG_BLK_DEV_AMD74XX=y
CONFIG_BLK_DEV_IDEDMA=y
CONFIG_IDEDMA_AUTO=y
CONFIG_NETDEVICES=y
CONFIG_DUMMY=m
CONFIG_NET_ETHERNET=y
CONFIG_MII=y
CONFIG_NET_VENDOR_3COM=y
CONFIG_VORTEX=y
CONFIG_NET_PCI=y
CONFIG_FORCEDETH=y
CONFIG_PPP=m
CONFIG_PPP_MULTILINK=y
CONFIG_PPP_FILTER=y
CONFIG_PPP_ASYNC=m
CONFIG_PPP_SYNC_TTY=m
CONFIG_PPP_DEFLATE=m
CONFIG_PPP_BSDCOMP=m
CONFIG_PPPOE=m
CONFIG_SHAPER=m
CONFIG_INPUT=y
CONFIG_INPUT_MOUSEDEV=y
CONFIG_INPUT_MOUSEDEV_PSAUX=y
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ATKBD=y
CONFIG_SERIO=y
CONFIG_SERIO_I8042=y
CONFIG_SERIO_LIBPS2=y
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_HW_CONSOLE=y
CONFIG_SERIAL_8250=m
CONFIG_SERIAL_8250_NR_UARTS=4
CONFIG_SERIAL_CORE=m
CONFIG_UNIX98_PTYS=y
CONFIG_LEGACY_PTYS=y
CONFIG_LEGACY_PTY_COUNT=256
CONFIG_RTC=y
CONFIG_AGP=y
CONFIG_AGP_NVIDIA=y
CONFIG_I2C=m
CONFIG_I2C_CHARDEV=m
CONFIG_I2C_ALGOBIT=m
CONFIG_I2C_ALGOPCF=m
CONFIG_I2C_ALGOPCA=m
CONFIG_I2C_NFORCE2=m
CONFIG_HWMON=m
CONFIG_VIDEO_DEV=m
CONFIG_VGA_CONSOLE=y
CONFIG_DUMMY_CONSOLE=y
CONFIG_SPEAKUP_DEFAULT="none"
CONFIG_SOUND=m
CONFIG_USB_ARCH_HAS_HCD=y
CONFIG_USB_ARCH_HAS_OHCI=y
CONFIG_USB=m
CONFIG_USB_DEVICEFS=y
CONFIG_USB_EHCI_HCD=m
CONFIG_USB_OHCI_HCD=m
CONFIG_USB_OHCI_LITTLE_ENDIAN=y
CONFIG_USB_UHCI_HCD=m
CONFIG_USB_HID=m
CONFIG_USB_HIDINPUT=y
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT3_FS=y
CONFIG_EXT3_FS_XATTR=y
CONFIG_JBD=y
CONFIG_FS_MBCACHE=y
CONFIG_REISERFS_FS=y
CONFIG_REISERFS_FS_XATTR=y
CONFIG_INOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_AUTOFS4_FS=y
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_UDF_FS=y
CONFIG_UDF_NLS=y
CONFIG_FAT_FS=y
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
CONFIG_FAT_DEFAULT_CODEPAGE=437
CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
CONFIG_NTFS_FS=y
CONFIG_PROC_FS=y
CONFIG_PROC_KCORE=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
CONFIG_RAMFS=y
CONFIG_SMB_FS=y
CONFIG_MSDOS_PARTITION=y
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-1"
CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_ISO8859_1=y
CONFIG_PROFILING=y
CONFIG_OPROFILE=y
CONFIG_LOG_BUF_SHIFT=14
CONFIG_DEBUG_BUGVERBOSE=y
CONFIG_EARLY_PRINTK=y
CONFIG_X86_FIND_SMP_CONFIG=y
CONFIG_X86_MPPARSE=y
CONFIG_CRC_CCITT=m
CONFIG_CRC32=y
CONFIG_ZLIB_INFLATE=m
CONFIG_ZLIB_DEFLATE=m
CONFIG_TEXTSEARCH=y
CONFIG_TEXTSEARCH_KMP=m
CONFIG_TEXTSEARCH_BM=m
CONFIG_TEXTSEARCH_FSM=m
CONFIG_GENERIC_HARDIRQS=y
CONFIG_GENERIC_IRQ_PROBE=y
CONFIG_X86_BIOS_REBOOT=y
CONFIG_PC=y


Code:

stitch ~ # ./confcat /etc/shorewall/shorewall.conf
STARTUP_ENABLED=Yes
LOGFILE=/var/log/shorewall
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
FW=fw
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=yes
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=Yes
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
DROPINVALID=No
RFC1918_STRICT=No
MACLIST_TTL=
SAVE_IPSETS=No
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP


Code:

stitch ~ # ./confcat /etc/shorewall/policy         
loc             net             ACCEPT
loc             fw              ACCEPT
fw              net             ACCEPT
fw              loc             ACCEPT
net             fw              ACCEPT
net             all             DROP            info


Code:

stitch ~ # ./confcat /etc/shorewall/rules 
DNAT    net             loc:10.0.0.2    tcp     3389
DNAT    net             loc:10.0.0.3    tcp     6881
DNAT    net             loc:10.0.0.3    udp     6881
DNAT    net             loc:10.0.0.2    tcp     6882
DNAT    net             loc:10.0.0.2    udp     6882
ACCEPT  net             loc             gre
ACCEPT  net             loc             tcp     1723


Code:

stitch ~ # ./confcat /etc/conf.d/net     
hotplug_eth0="no"
modules=( "iproute2" )
config_eth0=( "dhcp" )
config_eth1=( "10.0.0.1 netmask 255.255.255.0" )



Can anyone send me in the right direction or point out what the hell I am missing here?


Last edited by thdrcat on Fri Nov 18, 2005 4:10 am; edited 2 times in total
DaveArb
Guru


Joined: 29 Apr 2004
Posts: 510
Location: Texas, USA

PostPosted: Wed Nov 02, 2005 3:24 pm

Have you tried connecting the Windows machine directly to the cable modem to see if it can connect there? Looking around, error 619 seems to be the great catchall that can be caused by anything. I just saw a report that a user restarting their cable modem corrected the error for them.

I don't really grok Shorewall, but your rules and policy files seem to have what you need, which is GRE protocol and TCP:1723, bidirectional.

Dave
thdrcat
n00b


Joined: 30 Mar 2004
Posts: 43

PostPosted: Wed Nov 02, 2005 7:40 pm

Yes, the Windows machine connects fine when connected to the modem without the Gentoo box in the middle.

My current approach to getting it to work is to make the pptp client work on the router, then try to diag the machines behind the nat.

Thanks for the reply... Anyone else have some ideas? I have been working on this problem for the last few months on and off. I can't tell you how many posts on the forum I have read to try and fix it.
thdrcat
n00b


Joined: 30 Mar 2004
Posts: 43

PostPosted: Thu Nov 03, 2005 11:25 pm

Shameless bump because I have literally exhausted all other options and resources.
think4urs11
Bodhisattva


Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud

PostPosted: Fri Nov 04, 2005 12:03 am    Post subject: Re: shorewall, nat, windows xp vpn, and the devil.

thdrcat wrote:
Code:

stitch ~ # ./confcat /etc/shorewall/rules 
...
ACCEPT  net             loc             gre
ACCEPT  net             loc             tcp     1723

Shouldn't it be
Code:

stitch ~ # ./confcat /etc/shorewall/rules 
...
ACCEPT  net             fw             gre
ACCEPT  net             fw             tcp     1723

_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
thdrcat
n00b


Joined: 30 Mar 2004
Posts: 43

PostPosted: Mon Nov 07, 2005 8:18 pm

Changed to

Code:

stitch ~ # ./confcat /etc/shorewall/rules
...
ACCEPT  all             all             gre
ACCEPT  all             all             tcp     1723


Last edited by thdrcat on Fri Nov 18, 2005 4:12 am; edited 1 time in total
thdrcat
n00b


Joined: 30 Mar 2004
Posts: 43

PostPosted: Mon Nov 14, 2005 9:31 pm

So I solved it.

I recompiled everything into the kernel and it just started working. I can only assume that a module was not loading correctly and that was the problem.
thdrcat
n00b


Joined: 30 Mar 2004
Posts: 43

PostPosted: Fri Nov 18, 2005 4:10 am

OK. After changing NOTHING it no longer works. Can someone please tell me why my computer refuses to connect to the VPN server at work when my Gentoo firewall/NAT/router is between us.


Code:

Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=10.0.0.3 DST=165.91.140.250 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=17302 DF PROTO=TCP SPT=2429 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0

Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=10.0.0.3 DST=165.91.140.250 LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=17308 PROTO=47

Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:50:04:d9:a9:98:00:50:57:00:90:3d:08:00 SRC=165.91.140.250 DST=24.250.178.131 LEN=45 TOS=0x00 PREC=0x00 TTL=111 ID=13172 PROTO=47

Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=10.0.0.3 DST=165.91.140.250 LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=17343 PROTO=47

Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:50:04:d9:a9:98:00:50:57:00:90:3d:08:00 SRC=165.91.140.250 DST=24.250.178.131 LEN=45 TOS=0x00 PREC=0x00 TTL=111 ID=17990 PROTO=47


all the traffic seems to be going through, then SOMETHING goes BOINK.
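Added here as a worked example (not code from the thread or from Shorewall): a small Python checker that parses lines in the LOGFORMAT from shorewall.conf above and reports where the VPN server's GRE replies end up, which is also the difference the net-to-fw versus net-to-loc rules discussion turns on. The three BROKEN_LOG lines are copied from the post; the WORKING_LOG net2loc line is constructed to show what a reply looks like once conntrack/NAT has mapped it back to 10.0.0.3 (in the posted log the inbound PROTO=47 packets are logged in net2fw with the firewall's public address as DST, so they were delivered to the firewall itself rather than forwarded to the LAN host).

```python
import re

# Shorewall LOG lines in the thread's LOGFORMAT ("Shorewall:%s:%s:"): BROKEN_LOG is copied
# from the post; WORKING_LOG is constructed to show a reply GRE packet that NAT has mapped back.
BROKEN_LOG = """\
Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=10.0.0.3 DST=165.91.140.250 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=17302 DF PROTO=TCP SPT=2429 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=10.0.0.3 DST=165.91.140.250 LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=17308 PROTO=47
Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:50:04:d9:a9:98:00:50:57:00:90:3d:08:00 SRC=165.91.140.250 DST=24.250.178.131 LEN=45 TOS=0x00 PREC=0x00 TTL=111 ID=13172 PROTO=47
"""
WORKING_LOG = """\
Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=10.0.0.3 DST=165.91.140.250 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1 DF PROTO=TCP SPT=2429 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=10.0.0.3 DST=165.91.140.250 LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=2 PROTO=47
Shorewall:net2loc:ACCEPT:IN=eth0 OUT=eth1 SRC=165.91.140.250 DST=10.0.0.3 LEN=45 TOS=0x00 PREC=0x00 TTL=111 ID=3 PROTO=47
"""

LINE_RE = re.compile(r"^Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")

def parse_line(line):
    """Split one Shorewall/iptables LOG line into a dict of KEY=value fields.
    The chain/disposition prefix is taken off by regex first because the MAC
    field also contains colons; bare flags (DF, SYN) go into rec['flags']."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"chain": m["chain"], "disp": m["disp"], "flags": set()}
    for tok in m["rest"].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val          # "OUT=" (delivered locally) becomes OUT == ""
        else:
            rec["flags"].add(tok)
    return rec

def check_pptp_path(log_text, lan_host, vpn_server):
    """Report which legs of a PPTP session (TCP/1723 control plus GRE, IP proto 47)
    the firewall logged for lan_host, and where the VPN server's GRE replies ended up."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    outbound = [r for r in recs if r.get("SRC") == lan_host and r.get("DST") == vpn_server]
    replies = [r for r in recs if r.get("SRC") == vpn_server and r.get("PROTO") == "47"]
    return {
        "control_out": any(r.get("PROTO") == "TCP" and r.get("DPT") == "1723" for r in outbound),
        "gre_out": any(r.get("PROTO") == "47" for r in outbound),
        "gre_reply_seen": bool(replies),
        # Translated reply is forwarded (OUT set, DST = LAN host); untranslated stays at the firewall (OUT empty).
        "gre_reply_forwarded": any(r.get("OUT") and r.get("DST") == lan_host for r in replies),
        "gre_reply_stuck_at_fw": any(not r.get("OUT") for r in replies),
    }

def verdict(result):
    if result["gre_reply_forwarded"]:
        return "GRE replies are translated back to the LAN host"
    if result["gre_reply_stuck_at_fw"]:
        return "GRE replies stop at the firewall: NAT is not mapping them to the LAN host"
    if result["gre_out"]:
        return "no GRE replies from the VPN server were logged"
    return "no PPTP traffic from the LAN host was logged"

for name, log in (("broken", BROKEN_LOG), ("working", WORKING_LOG)):
    print(name, "->", verdict(check_pptp_path(log, "10.0.0.3", "165.91.140.250")))
```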
yabbadabbadont
Advocate


Joined: 14 Mar 2003
Posts: 4791
Location: 2 exits past crazy

PostPosted: Fri Nov 18, 2005 6:06 am

There is a pptp module that you are missing.

Read this and see if it applies to you. http://madpenguin.org/cms/?m=show&id=5557&page=2
alex6z
Tux's lil' helper


Joined: 20 Jul 2005
Posts: 119

PostPosted: Tue Dec 13, 2005 9:26 pm

How do you make your Gentoo router like DMZ? I guess you can't because your box is a computer itself and that would not work well with having a working internet connection on the router box. Hmm, my dlink router seems to support the gre IP protocol. How do I use it? Can I create a tunnel? Is it like a proxy? Can I run a gre "server" on my linux box and let other computers make tunnels? Maybe this would help if you could make a gre tunnel for the XP machine - if that's even what it does/is for.