[Shorewall-users] unable to filter or log vpn traffic
paolo at paologalati.it
Tue Mar 15 15:51:06 PST 2005
First, thanks for the replies. Now I'll try to complete the info;
attached there is an image with a clearer net topology.
This is my configuration:
# /etc/shorewall/zones
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Network
wlan wlan Wireless LAN

# /etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 - routefilter,norfc1918,tcpflags,nosmurfs
loc eth1 detect dhcp
wlan eth2 detect dhcp

# /etc/shorewall/policy
#SOURCE DEST POLICY LOG LEVEL
fw net ACCEPT
loc net ACCEPT
wlan net ACCEPT
fw loc ACCEPT
fw wlan ACCEPT
net all DROP info
all all REJECT info
Now, to reply to Tom: yes, stopping the firewall with ADMINISABSENTMINDED=No
stops the VPN, blocking incoming packets (absolutely no external interface in
routestopped), but with the firewall started I'm not able to log or filter
traffic. I put this entry on top of the rules file:
# /etc/shorewall/rules
#ACTION SOURCE DEST PROTO
LOG:info all all udp
but when using the VPN nothing appears in the log. Is the rule correct to log
traffic on this VPN? Maybe not!!
Thanks for the fast reply, Paolo.
Tom Eastep wrote:
> Paolo wrote:
>>So this VPN creates a direct connection from one of my internal machines
>>to an external server, completely bypassing my firewall; it seems I can do
>>nothing to control the traffic.
> With ADMINISABSENTMINDED=Yes, once you have allowed the VPN connection
> to be established then the only things that you can do to stop traffic
> through that VPN are:
> a) Use the 'cutter' utility to sever the VPN connection (or unload the
> ip_conntrack kernel module).
> b) Set BLACKLISTNEWONLY=No in shorewall.conf and blacklist the remote
> With ADMINISABSENTMINDED=No, stopping Shorewall will probably stop VPN
> traffic since you normally don't have your external interfaces enabled
> in your /etc/shorewall/routestopped file.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 50185 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20050316/ff6110fa/net-topology-0001.jpg
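One check that helps explain a silent LOG rule, added here as an example and not part of Paolo's or Tom's mails: Shorewall consults /etc/shorewall/rules only for NEW connections, so a VPN flow that already sits in the kernel connection-tracking table is accepted as ESTABLISHED before any rule is reached. The script below searches a conntrack dump for such a flow; the VPN server address 203.0.113.5, port 1194 and the sample table are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread): look for an already-tracked
# UDP VPN flow in a /proc/net/ip_conntrack style dump. Packets of a tracked
# flow are accepted as ESTABLISHED ahead of the rules file, so a rule such as
# "LOG:info all all udp" never sees them.
#
# Live usage (root):  find_tracked_flow 203.0.113.5 1194 < /proc/net/ip_conntrack
# 203.0.113.5 / 1194 are placeholders; substitute your VPN server and port.

# Print every conntrack entry whose original direction targets $1:$2 over UDP.
# Exit 0 if at least one such entry exists, 1 otherwise.
find_tracked_flow() {
    server="$1"; port="$2"
    awk -v srv="$server" -v prt="$port" '
        BEGIN { found = 0 }
        $1 == "udp" {
            dst = ""; dport = ""
            # The first dst=/dport= pair is the original direction; the second
            # pair describes the reply direction and is ignored here.
            for (i = 1; i <= NF; i++) {
                if (dst == "" && $i ~ /^dst=/) { sub(/^dst=/, "", $i); dst = $i }
                else if (dport == "" && $i ~ /^dport=/) { sub(/^dport=/, "", $i); dport = $i }
            }
            if (dst == srv && dport == prt) { print; found = 1 }
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample in the 2.4/2.6-era /proc/net/ip_conntrack format:
# one VPN flow, one unrelated TCP session, one local DNS lookup.
SAMPLE_CONNTRACK='udp      17 170 src=192.168.1.10 dst=203.0.113.5 sport=1194 dport=1194 src=203.0.113.5 dst=192.168.1.10 sport=1194 dport=1194 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40112 dport=80 src=198.51.100.7 dst=192.168.1.10 sport=80 dport=40112 [ASSURED] use=1
udp      17 29 src=192.168.1.10 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=5353 use=1'

# Run the check against the constructed sample (used by the stand-alone run).
sample_has_vpn_flow() { printf '%s\n' "$SAMPLE_CONNTRACK" | find_tracked_flow "$1" "$2"; }

sample_has_vpn_flow 203.0.113.5 1194 >/dev/null && \
    echo "VPN flow already tracked: the rules file (and its LOG rule) will not see it"
```

If the flow is listed, the LOG rule can only fire after the conntrack entry is gone, for instance after the VPN is restarted with Shorewall already running.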