Thanks Tom,

Now have:

interfaces
----------------
###############################################################################
?FORMAT 2
###############################################################################
#ZONE    INTERFACE    OPTIONS
net    enp9s0 required,logmartians=1,routefilter,sourceroute=0
vpn    tun0
---------------

policy
--------------
#SOURCE        DEST        POLICY        LOG LEVEL    LIMIT:BURST
fw        net        ACCEPT
fw        vpn        ACCEPT
net        all        DROP        info
# The FOLLOWING POLICY MUST BE LAST
all        all        REJECT        info

Nothing vpn specific in rules.

This (now) doesn't drop/reject any vpn traffic (great), but is it correct?

Thanks,

Leo



---------------


On 24/02/16 03:42, Tom Eastep wrote:
On 02/22/2016 06:42 PM, Subscribe wrote:
ok. Have now figured out IP addresses 192.18.0(1|2)

------------------------

llist@LeosLinux:~$ tail -f /var/log/syslog
Feb 23 13:39:42 LeosLinux NetworkManager[836]: <info>  Writing DNS
information to /sbin/resolvconf
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: setting upstream servers from DBus
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: using nameserver 198.18.0.1#53
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: using nameserver 198.18.0.2#53
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: using nameserver 208.67.222.222#53
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: using nameserver 208.67.220.220#53
Feb 23 13:39:42 LeosLinux NetworkManager[836]: <info>  (tun0):
Activation: successful, device activated.
Feb 23 13:39:42 LeosLinux whoopsie[845]: [13:39:42] The default IPv4
route is: /org/freedesktop/NetworkManager/ActiveConnection/2
Feb 23 13:39:42 LeosLinux whoopsie[845]: [13:39:42] Network connection
may be a paid data plan: /org/freedesktop/NetworkManager/Devices/2
Feb 23 13:39:42 LeosLinux nm-dispatcher: Dispatching action 'up' for tun0

------------------------

Still looking for a solution though

If you are still getting the REJECT messages, then you obviously need a
rule to allow DNS from fw->vpn. If that is the default route, you may
want to consider just changing the fw->vpn policy to ACCEPT.

-Tom
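The policy file above is evaluated top to bottom: the first row whose SOURCE and DEST match (with "all" as a wildcard) supplies the default action for that zone pair, which is why the catch-all "all all REJECT" has to stay last. The following is an added example, not code from the thread or from Shorewall itself; it models only that first-match rule for Leo's policy file, plus a constructed misordered copy, so you can see which policy each zone pair actually lands on (for instance, vpn->fw and vpn->net fall through to the catch-all REJECT).

```python
# Added example: a minimal model of Shorewall policy-file matching.
# It only implements first-match with "all" as a wildcard; it is not Shorewall code.

# Leo's policy file, copied from the thread (header and comment kept).
POLICY = """\
#SOURCE  DEST  POLICY  LOG LEVEL  LIMIT:BURST
fw       net   ACCEPT
fw       vpn   ACCEPT
net      all   DROP    info
# The FOLLOWING POLICY MUST BE LAST
all      all   REJECT  info
"""

# Constructed counter-example: the catch-all moved to the top.
MISORDERED = """\
all  all  REJECT  info
fw   net  ACCEPT
fw   vpn  ACCEPT
"""

def parse_policy(text):
    """Return a list of (source, dest, action, log_level) in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        src, dst, action = fields[:3]
        level = fields[3] if len(fields) > 3 else None
        entries.append((src, dst, action.upper(), level))
    return entries

def matches(entry, src, dst):
    """True if this policy row covers traffic from zone src to zone dst."""
    return entry[0] in ("all", src) and entry[1] in ("all", dst)

def lookup(entries, src, dst):
    """First-match policy (action, log_level) for src -> dst."""
    for entry in entries:
        if matches(entry, src, dst):
            return entry[2], entry[3]
    raise LookupError(f"no policy covers {src}->{dst}")

def shadowed(entries):
    """Indices of rows that can never match because an earlier row is at
    least as broad in both SOURCE and DEST (e.g. a catch-all placed first)."""
    return [i for i, (src, dst, _, _) in enumerate(entries)
            if any(matches(e, src, dst) for e in entries[:i])]
```

Running `shadowed(parse_policy(MISORDERED))` flags every row after the misplaced catch-all as dead, which is the mistake the "MUST BE LAST" comment guards against.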




_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
