Bill,

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of William Suetholz
> Sent: Thursday, February 28, 2002 1:32 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [Shorewall-users] Problem with FreeSwan and Shorewall on a LEAF(Oxygen) based router.
>
> I am also using Shorewall 1.1.11.
> I tried upgrading to a newer version of Shorewall, and things broke
> completely... The shell scripts do some things that BB ash doesn't
> like too much.

If you don't report this type of problem, I can't fix it...

> On the other end, I have an identical setup, with the shorewall rules
> simplified, since they don't have the DMZ, and some of our other zones.
> They do however do IP Masq, where we actually have a Class C assigned
> to us (What can I say, I got it before they locked down :-)
> I believe that the masking is where my problem is..

Without some idea of what your Shorewall configuration looks like, I have no clue what to advise...

> The tunnel looks good when running the ipsec look command on both
> sides. When I ping/telnet to an "unrouted" IP for a machine on the other
> end, I see the ifconfig -ni RX-OK go up on the ipsec0 interface, and the
> TX-DROP also go up.. I've looked for what causes this, all I can come
> up with, is that the Masking is happening before it sends the traffic out
> the ipsec0 interface back to our location.. I see the same thing happen
> on our side if I try to ping from our router to their address (the TX-DROP
> increments).
>
> I tried the suggestions on the http://www.shorewall.net/IPSEC.htm page,
> but that didn't work.

Did you look at http://www.shorewall.net/myfiles.htm#old? That configuration includes a running IPSEC environment.

-Tom
--
Tom Eastep    \ Shorewall -- iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
