Erich Titl wrote:

>Izzy
>
>Izzy Blacklock wrote:
>
>>Erich Titl wrote:
>>
>...
>
>>Sadly, shorewall doesn't seem to be logging anything for me. Not sure
>>why yet, but I'm working on it. The shorewall log is empty, despite
>>needing to be created before it will run, and there are no shorewall log
>>entries in any of the other log files :(
>
>Did you load ulogd (or modify shorewall.conf)?

Thanks! I forgot to load ulogd. :)

>>As for the ipsec config in shorewall, as far as I know it is correct. I
>>added the shorewall tunnels entry, created the ipsec interface and
>>zone. I'm not sure of the specifics of the problem (the symptoms are as
>>above), but after making the change above, the problem goes away. I
>>seem to recall having this same problem with a past version of leaf, and
>>came to the same conclusion then.
>>
>>Of course, it's possible this is a problem in my configuration. Do
>>others have this working without making this change?
>
>I have it running but instead of shorewall I am running fwbuilder.
>Fwbuilder basically just generates iptables rules based on a GUI. But I
>am starting ipsec at level 21 and fwb at 42, so basically it _should_
>behave similarly.

I'm not sure of the specific rule(s) atm, but there is something that shorewall does that breaks the vpn. On my last generation of routers, I have to make sure to restart ipsec after I restart shorewall or I lose my connections. Sadly, shorewall creates a lot of rules, most of which I don't understand, and I've never taken the time to analyze the problem. I just got in the habit of doing this if I have to restart the firewall:

    shorewall restart && ipsec setup restart

...Izzy

------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
