lpa du morvan wrote: > Hi > > I use shorewall 3.2.5 + ipsec (openswan 2.4.5) +fc6 > > I have used the method in http://www.shorewall.net/IPSEC.html for the > configuration. > (but not this method in http://www.shorewall.net/IPSEC-2.6.html !)
> but when client-lan1 will ping client-lan2 shorewall-lan1 say: > FORWARD:REJECT:IN=eth0 OUT=eth5 SRC=191.168.2.10 DST=10.71.60.6 > > 191.168.2.10 is client-lan1 > > 10.71.60.6 is client-lan2 > From your "shorewall dump" Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Available Connection Tracking Match: Available Packet Type Match: Available Policy Match: Available When your kernel and iptables support Policy Match, you MUST use the setup described at http://www.shorewall.net/IPSEC-2.6.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
