  • From: "J.van Tilburg" <info@xxxxxxxxxx>
  • Date: Wed, 15 Jun 2005 14:18:18 +0000 (UTC)

Hello All,

I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces
installed. This server is used only as firewall/internet gateway/proxy/VPN
It has two NIC's eth0 (10.0.x.x) connected to ADSL, eth1 (
connected to the local network.
I use shorewall 2.4 on this machine.

Problems arise when I try to set up bridging in cooperation with shorewall.
Setting up the bridge br0 with tap0, tap1 and eth1, without shorewall works
using the "brctl show" command shows that the bridge is working with the right
interfaces (tap0, tap1 and eth1).
In this situation I can ping from the firewall machine to a local network pc
and receive answer. From the local network pc, I can browse the internet
through the firewall machine.
but when I start shorewall, I receive no ping answer anymore from the local
network pc, and I cannot browse the internet anymore from the local network pc.

The strange thing is that the /var/log/messages file contains shorewall output
telling me that it accepted the ping request from the firewall to the local
network pc even though I dont receive an answer back.
it says something like ACCEPT fw2loc out=br0 Phys out=eth1 source=
dest= Proto=icmp which is correct.
I have IP Forwarding set to on.
setting Bridging=Yes or No in shorewall.conf makes no difference at all.

here's my shorewall configuration:

net eth0 10.0.x.255 nobogons,routefilter,logmartians,tcpflags, arp_filter,
loc br0 detect


fw		loc		ACCEPT		info
loc		net		ACCEPT		info
net		all		DROP		info
all		all		REJECT		info

AllowPing	loc	fw
AllowPing	fw	net
RejectAuth	net	fw
RejectAuth	fw	net
AllowDNS	fw	net
#AllowFTP	fw	net
AllowWeb	fw	net
# this is for squid
ACCEPT		loc	fw		tcp	3328

net			Internet	The Internet
loc			Local net	The Local network

What's wrong here. I really don't know.
Any help will be much appreciated.

Thank you in advance.

J. van Tilburg

