Shvetal_Patel Posted October 18, 2003

Hi, I am running MDK9.1 download. I have two NICs. One is connected to the internet via ADSL. The other is my local network. I use pptpclient to connect to a remote machine via the internet. The connection gets established and I am assigned an IP address. But if I try to ssh into the remote machine I get connection refused:

    ssh: connect to host 192.168.1.11 port 22: Connection refused

The syslog entry for that connection shows the following:

    Shorewall:OUTPUT:REJECT:IN= OUT=ppp0 SRC=192.168.1.18 DST=192.168.1.11 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=65535 DF PROTO=TCP SPT=34738 DPT=22 WINDOW=3840 RES=0x00 SYN URGP=0

I have gone through a lot of docs for iptables & shorewall. I am looking to preserve the shorewall install of MDK, so no new reinstalls of shorewall please! :roll: Any input will be greatly appreciated. Thanks

Gowator Posted October 18, 2003

I honestly don't know if the Mandrake install of shorewall config WILL work? My experience was a wasted weekend with just your setup before I read the shorewall page. I then spent maybe 15 minutes (ten of which was reading the documentation of the quickstart guide) and had it working beautifully.

From my digging about, the Mandy one either supports single NIC with internet access OR dual NIC, but the machine is then just a server with no access itself. Obviously the base install from Mandrake can be modified (which is really what you're asking) BUT it's very hard to understand in the context of the shorewall documentation.

I honestly think 10 mins reading the shorewall site (especially the "if you use Mandrake read this" part) will really help you. You don't need to reinstall shorewall to follow their instructions, just copy the config files over the Mandrake ones. After you are finished, WEBMIN will let you edit the rules etc. following the documentation of shorewall.

Shvetal_Patel Posted October 19, 2003 (Author)

Hi Gowator, thanks for the reply. But then the question is, will my ICS still work? Because I did try a reinstall of shorewall from their site. Agreed, at that point in time I had very little or no knowledge of the shorewall firewall. But all of my connections were blocked and I had difficulty trying to use ICS.

Shvetal_Patel Posted October 19, 2003 (Author)

Seem to have found the answer to my own question......

First off, I had to create a zone for the pptp connection, e.g.

    Zone    Display    Comments
    wrk     Work       pptp to work

Next, in the masq file I added

    Interface    Subnet            Address
    ppp0         192.168.1.0/24

In the interfaces file I had to add this entry

    #ZONE    INTERFACE    BROADCAST        OPTIONS
    wrk      ppp0         192.168.1.255    dhcp

In the tunnels file I added this entry

    # TYPE        ZONE    GATEWAY        GATEWAY ZONE PORT
    pptpclient    wrk     192.168.1.7

And lastly, in the rules file

    #ACTION    SOURCE    DEST    PROTO    DEST    SOURCE    ORIGINAL
    ACCEPT     wrk       fw      tcp      22      -

NOTE: THESE ENTRIES ARE IN ADDITION TO WHAT MDK ALREADY HAD IN THERE....

Restart shorewall and connect via pptpclient and you should be able to ssh into the remote host. :lol:
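An added example, not part of any post in this thread: a small Python helper that reads the Shorewall log line from the first post and reports which zone pair it belongs to under a given interfaces file. The `BEFORE` entries for eth0 and eth1 are constructed assumptions (the thread never shows the original Mandrake file), and the function names are hypothetical; only the `wrk ppp0` line comes from the thread.

```python
import re

# Log line copied from the first post in this thread.
LOG = ("Shorewall:OUTPUT:REJECT:IN= OUT=ppp0 SRC=192.168.1.18 DST=192.168.1.11 "
       "LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=65535 DF PROTO=TCP SPT=34738 "
       "DPT=22 WINDOW=3840 RES=0x00 SYN URGP=0")

# Constructed sample: an interfaces file with no entry for ppp0 (assumed).
BEFORE = """#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect
loc eth1 detect
"""
# The same file plus the entry given in the thread's answer.
AFTER = BEFORE + "wrk ppp0 192.168.1.255 dhcp\n"


def parse_log(line):
    """Split a 'Shorewall:<chain>:<disposition>:' line into its parts."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    chain, disposition, rest = m.groups()
    # KEY=VALUE pairs; bare flags such as DF and SYN are skipped.
    fields = dict(re.findall(r"(\w+)=(\S*)", rest))
    return {"chain": chain, "disposition": disposition, "fields": fields}


def parse_interfaces(text):
    """Map interface name -> zone from interfaces-file text."""
    zones = {}
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if len(cols) >= 2:
            zones[cols[1]] = cols[0]
    return zones


def zone_pair(line, interfaces_text):
    """Return (source zone, destination zone); None means no zone is defined."""
    fields = parse_log(line)["fields"]
    zones = parse_interfaces(interfaces_text)

    def zone(iface):
        # An empty IN= or OUT= means the firewall host itself ("fw").
        return "fw" if iface == "" else zones.get(iface)

    return zone(fields.get("IN", "")), zone(fields.get("OUT", ""))


if __name__ == "__main__":
    print(zone_pair(LOG, BEFORE), zone_pair(LOG, AFTER))
```

A destination of `None` means the outgoing interface is in no zone, so no zone-based rule or policy can refer to it; with the `wrk ppp0` entry in place the same packet is classified as fw to wrk.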