
Thread: calling all shorewall experts I need some help configuring


The machine has 1 interface card, br0.

On the machine: openvpn, tap0, eth0 bridged br0.

When a client connects via VPN to the LAN, it can ping the VPN server but no other machines on the LAN. Ping returns unreachable.

Here are the files in /etc/shorewall:

zones
code:
###############################################################################
#zone    type      options    in         out
#                             options    options
fw       firewall
net      ipv4
loc:net  ipv4
vpn:loc  ipv4

interfaces
code:
#zone    interface    broadcast    options
net      br0          detect       dhcp,tcpflags,logmartians,nosmurfs

tunnels
code:
#type      zone    gateway      gateway zone
openvpn    net     0.0.0.0/0    vpn

rules
code:
#action        source    dest    proto    dest    source     original    rate     user/    mark
#                                         port    port(s)    dest        limit    group
# reject ping "bad" net zone.. , prevent log being flooded..
Ping/REJECT    net       $FW
# permit icmp traffic firewall net zone
ACCEPT         $FW       net     icmp
# permit custom connections
SSH/ACCEPT     net       $FW
ACCEPT         net       $FW     udp      1194

policy (I have no idea what is going on here, adding things at random to see if they work...)
code:
#source    dest    policy    log level    limit:burst
$FW        all     ACCEPT
vpn        $FW     ACCEPT
vpn        all     ACCEPT
loc        $FW     ACCEPT
loc        all     ACCEPT
net        $FW     DROP      info
net        all     DROP      info
# following policy must last
all        all     REJECT    info

... after a whole day of poring over the documentation, I am no further.


