> I think you are probably right. I do have forward rules to allow traffic
> between both my private 192.168.9 and 192.168.3. And those rules are
> added by myself in /etc/ipfilter.conf (based on what you did for DMZ,
> your DMZ is one-way, mine is 2-way). I will try to disable it asap, but
> my question is if I can still have traffic between my private networks
> and at the same time ipsec to remote private?
>
> Also I think I should use your scripts
> /etc/ipchains.input,
> /etc/ipchains.forward
> /etc/ipchains.output
>
> for those rules rather than inventing my own (and messing up things -:()
> but I cannot find them as examples.
>
> Could you help in this regard?
>
> And yes, I try to log protocol 50 and even 51 but nothing showed in my
> log. Again something is wrong here too.

It sounds like you probably don't have forwarding rules in place for your
VPN traffic, so it's being denied before the packets get turned into VPN
data.  Try adding the following to /etc/ipchains.forward:

$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.3.0/24 -b

The ipchains.* files are simply sourced by the firewall scripts, so you can
add or insert ipchains rules as required.  You can also use variables and
procedures from network.conf and ipfilter.conf (which is where $IPCH is
defined).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
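As an added illustration (not from the original post or the LRP firewall scripts), here is a fragment in the style of /etc/ipchains.forward. It uses the $IPCH convention described above and adds the bidirectional forward rule between the two private networks together with logging rules for ESP (protocol 50) and AH (protocol 51), so you can confirm tunnel traffic reaches the forward chain. The `record_rule` dry-run stand-in, the `PRIV_A`/`PRIV_B` names and the helper functions are assumptions made for this example; on a real LRP box `$IPCH` comes from ipfilter.conf and you would drop the dry-run lines.

```shell
#!/bin/sh
# Added example, not part of the original message or the LRP scripts.
# On a real LRP firewall, IPCH is defined in /etc/ipfilter.conf and this
# file is simply sourced; here IPCH points at a dry-run function so the
# fragment can be exercised on a box without ipchains.
IPCH=record_rule
RULES=""

record_rule() {
    # Dry-run stand-in for the ipchains binary: collect the rule text,
    # one rule per line.
    RULES="${RULES}ipchains $*
"
}

# Hypothetical names for the two private networks from the thread.
PRIV_A=192.168.9.0/24
PRIV_B=192.168.3.0/24

add_vpn_forward_rules() {
    # Bidirectional (-b) forward rule so the two private networks can
    # exchange traffic before the packets are handed to the IPsec tunnel.
    $IPCH -A forward -j ACCEPT -s "$PRIV_A" -d "$PRIV_B" -b

    # Accept and log (-l) ESP and AH on the forward chain so the kernel
    # log shows whether tunnel traffic is actually being forwarded.
    $IPCH -A forward -j ACCEPT -p 50 -l
    $IPCH -A forward -j ACCEPT -p 51 -l
}

# Number of rules recorded by the dry-run.
rule_count() {
    printf '%s' "$RULES" | grep -c '^ipchains '
}

# True if the recorded rules contain the given fragment.
rules_contain() {
    printf '%s' "$RULES" | grep -q -- "$1"
}

add_vpn_forward_rules
```

Watch the logged entries in the kernel log (dmesg or syslog) after bringing the tunnel up; if nothing for protocol 50 or 51 appears, the packets are being dropped earlier in the input chain or never leave the remote gateway.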


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
