Hi,

I have just swapped a commercial firewall which was running IPsec for a custom-built server-based firewall. I used Shorewall to set up the iptables rules and racoon/setkey for IPsec. Currently the firewall's general Masq rules and non-Masq rules seem to be working OK, along with DNAT; however, the IPsec tunnel I set up seems to have issues, but I am not sure where.

The tunnel has come up OK and can talk to the original far-end firewall; you can ping any far-end host from the firewall's internal interface. You cannot, however, ping from behind the firewall across the VPN, or back from any host on the other network. I think this is a rules issue but I can see where. When running a tcpdump on the remote host I can see packets arriving and returning down the tunnel, but they never seem to get there. It is not just ping, as I tried telnet and ssh down the tunnel too; I believe they are all connecting, just being stopped on the return.
If anyone has any ideas they will gratefully be received.

Thanks
Mark

Mark Olliver BSc (Hons)
Thermeon Europe Ltd
V-Card http://www.thermeoneurope.com/e-Card/card.html?uid=mpo
