LinuxQuestions.org
Old 02-28-2015, 04:10 PM   #1
FlyPi
LQ Newbie
 
Registered: Feb 2015
Posts: 2

My VPN connection rejected by firehol


Hello all,
I'm a new user of firehol and I faced a little problem: I cannot connect to my work VPN server from my home LAN!

My configuration is:
Raspberry Pi configured as router with 3 interfaces: eth0 (my local internal LAN), wlan0 (my wireless LAN) and eth1 (my internet gateway).

eth0 is connected to a switch and eth1 is connected back to back with my ISP modem. For the routing I use "firehol", and while trying to find the problem I have opened everything, but I still cannot find any solution.

My firehol conf is:

#====================================================
#MASQUERADE
masquerade "eth1"

# INTERFACE FOR INTERNAL NETWORK

interface "eth0" LAN
server all accept
client all accept

#====================================================

# INTERFACE FOR INTERNET

interface "eth1" INET
server all accept
client all accept

#===================================================

# INTERFACE FOR WIFI

interface "wlan0" WLAN
server all accept
client all accept


#ROUTING RULES
router LAN2INET inface "eth0" outface "eth1"
server all accept
client all accept


router WLAN2INET inface "wlan0" outface "eth1"
server all accept
client all accept

router LAN2WLAN inface "eth0" outface "wlan0"
server all accept
client all accept



The firehol logs look like this:

Feb 28 23:23:49 RouterPi kernel: [89944.202440] 'firehol: PASS-unknown:'IN=wlan0 OUT=eth1 MAC=48:5d:60:1f:93:17:00:24:2b:0f:ce:e8:08:00 SRC=192.168.11.151 DST=83.235.x.x LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=8993 PROTO=47
Feb 28 23:23:52 RouterPi kernel: [89947.202723] 'firehol: PASS-unknown:'IN=wlan0 OUT=eth1 MAC=48:5d:60:1f:93:17:00:24:2b:0f:ce:e8:08:00 SRC=192.168.11.151 DST=83.235.x.x LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=8996 PROTO=47
Feb 28 23:23:56 RouterPi kernel: [89951.203041] 'firehol: PASS-unknown:'IN=wlan0 OUT=eth1 MAC=48:5d:60:1f:93:17:00:24:2b:0f:ce:e8:08:00 SRC=192.168.11.151 DST=83.235.x.x LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=9000 PROTO=47
Feb 28 23:23:56 RouterPi kernel: [89951.325564] 'firehol: PASS-unknown:'IN=wlan0 OUT=eth1 MAC=48:5d:60:1f:93:17:00:24:2b:0f:ce:e8:08:00 SRC=192.168.11.151 DST=83.235.x.x LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=9002 PROTO=47
Feb 28 23:24:00 RouterPi kernel: [89955.200442] 'firehol: PASS-unknown:'IN=wlan0 OUT=eth1 MAC=48:5d:60:1f:93:17:00:24:2b:0f:ce:e8:08:00 SRC=192.168.11.151 DST=83.235.x.x LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=9007 PROTO=47

Please, can anyone help with this??
Thank you!

Last edited by FlyPi; 02-28-2015 at 04:19 PM.
 
Old 03-01-2015, 05:28 AM   #2
philwhineray
LQ Newbie
 
Registered: Mar 2015
Posts: 1

Hi

The problem is that to FireHOL, "all" means anything that the connection tracker sees as NEW/ESTABLISHED/RELATED. From your logs your VPN uses GRE, protocol 47, which I guess the connection tracker does not handle (it mostly does tcp/udp).

Try setting up a rule with service "any" or "anystateless" for protocol 57, see the online documentation. Unfortunately I cannot post a link as I have only just joined LinuxQuestions.

Hope that helps; if not, can I suggest you may encounter people who know more about this on the FireHOL mailing list... again I cannot link, but it should be easy enough to find.

Kind Regards
Phil
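To see for yourself which protocols are hitting the "unknown" path that Phil describes, the kernel log lines above can be parsed and grouped by flow and protocol. The following script is an added example written for this thread, not code from the thread or from the FireHOL project; its sample input copies the shape of the posted log lines (destination anonymised as in the post) plus one constructed ESP entry to show the summary is not GRE-specific. The set of protocols treated as connection-tracked (TCP, UDP, ICMP) is an assumption taken from Phil's reply.

```python
import re
from collections import Counter

# Constructed sample: the first two lines follow the kernel log entries quoted in the
# thread (public DST anonymised as in the post); the third is an invented ESP
# (protocol 50) entry on eth0 so the summary shows more than one protocol.
SAMPLE_LOG = """\
Feb 28 23:23:49 RouterPi kernel: [89944.202440] 'firehol: PASS-unknown:'IN=wlan0 OUT=eth1 MAC=48:5d:60:1f:93:17:00:24:2b:0f:ce:e8:08:00 SRC=192.168.11.151 DST=83.235.x.x LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=8993 PROTO=47
Feb 28 23:23:52 RouterPi kernel: [89947.202723] 'firehol: PASS-unknown:'IN=wlan0 OUT=eth1 MAC=48:5d:60:1f:93:17:00:24:2b:0f:ce:e8:08:00 SRC=192.168.11.151 DST=83.235.x.x LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=8996 PROTO=47
Feb 28 23:25:10 RouterPi kernel: [90025.000000] 'firehol: PASS-unknown:'IN=eth0 OUT=eth1 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.10.20 DST=83.235.x.x LEN=120 TOS=0x00 PREC=0x00 TTL=63 ID=4242 PROTO=50
"""

# Netfilter prints TCP/UDP/ICMP by name and everything else as a number; map the
# numbers seen here to names so both forms compare equal.
PROTO_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP", "47": "GRE", "50": "ESP", "51": "AH"}

# Assumption (from reply #2): these are the protocols the connection tracker follows,
# i.e. what FireHOL's stateful "all" rules actually cover.
CONNTRACKED = {"TCP", "UDP", "ICMP"}

PREFIX_RE = re.compile(r"'firehol: (?P<prefix>[^']*?):?'")
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")


def parse_log_line(line):
    """Return a dict of the firehol/netfilter fields in one kernel log line, or None."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = {"PREFIX": m.group("prefix")}
    # Only scan after the log prefix so the timestamp and host are not picked up.
    for key, value in KV_RE.findall(line[m.end():]):
        rec[key] = value
    if "PROTO" not in rec:
        return None
    rec["PROTO"] = PROTO_NAMES.get(rec["PROTO"], rec["PROTO"]).upper()
    return rec


def summarize(lines):
    """Count log entries per (prefix, in, out, src, dst, proto) flow tuple."""
    counts = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        key = (rec["PREFIX"], rec.get("IN", ""), rec.get("OUT", ""),
               rec.get("SRC", ""), rec.get("DST", ""), rec["PROTO"])
        counts[key] += 1
    return counts


def untracked_protocols(lines):
    """Protocols seen in the log that a stateful 'all' service will not match."""
    return sorted({rec["PROTO"] for rec in map(parse_log_line, lines)
                   if rec is not None and rec["PROTO"] not in CONNTRACKED})


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for (prefix, inf, outf, src, dst, proto), n in sorted(summarize(lines).items()):
        print(f"{prefix:14} {inf:>6} -> {outf:<6} {src:>15} -> {dst:<12} {proto:5} x{n}")
    print("protocols needing an explicit (stateless) rule:", untracked_protocols(lines))
```

Running it against a real `/var/log/kern.log` (replace `SAMPLE_LOG` with the file contents) gives the same kind of summary; a protocol listed by `untracked_protocols` is the one to give its own service rule rather than relying on "all".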
 
Old 03-05-2015, 12:36 AM   #3
FlyPi
LQ Newbie
 
Registered: Feb 2015
Posts: 2

Original Poster
Thank you for your help! But finally I managed to connect to the VPN through firehol. The tricky point was that firehol does not activate all service ports with "server all accept" or "client all accept"; that's why I could not connect and firehol blocked me. By default the "pptp" service port is not included in the sum of services defined by "all", so I had to add the line


ALL_SHOULD_ALSO_RUN="${ALL_SHOULD_ALSO_RUN} pptp"



at the beginning of firehol.conf. That's it!