Shorewall is blocking ping but accept rule is created, why?


(Marcin) #1

Hi, as in the topic, I have a problem with ping/connect to a host from nethserver over sslvpn. When I:
ping remote_host_address through tunnel ppp0 with inet_ppp_address
I’m getting:
OUTPUT:REJECT:IN= OUT=ppp0 src=inet_ppp_address dst=remote_host_address
in firewall.log
I’ve added a firewall rule in the GUI:
ACCEPT fw -> remote_host_address
but that rule appears in the fw2net chain, which is not included in the OUTPUT chain, so I think that’s why pings are blocked. Any advice on how to allow pings/ftp/telnet to the remote host from the GUI? Thanks.

Also, the client I use, forticlientsslvpn_cli, creates a ppp0 device. In OUTPUT there is no rule for ACCEPT ppp+ or other ppp chain (like for tun), so my question is: how to change ppp0 to tun0 on forticlientsslvpn_cli start? I didn’t find any option for that. Cheers.
Any help appreciated.

