Hi
FAQ #21 says:
<<Nov 25 18:58:52 linux kernel:
Shorewall:net2all:DROP:IN=eth1 OUT=
MAC=00:60:1d:f0:a6:f9:00:60:1d:f6:35:50:08:00 SRC=206.124.146.179
DST=192.0.2.3 LEN=56 TOS=0x00 PREC=0x00 TTL=110 ID=18558 PROTO=ICMP
TYPE=3 CODE=3 [SRC=192.0.2.3 DST=172.16.1.10 LEN=128 TOS=0x00 PREC=0x00
TTL=47 ID=0 DF PROTO=UDP SPT=53 DPT=2857 LEN=108 ]

Unfortunately, where NAT is involved (including SNAT, DNAT and Masquerade),
there are a lot of broken implementations
>>
Why does Shorewall break my IPsec tunnel?
I have tried deactivating masquerade (on both sides), but always:
wan2all:DROP:IN=eth5 OUT= SRC=192.168.2.3 DST=192.168.2.1
I have established an IPsec tunnel between two fc6+shorewall+ipsec systems;
always the same error:
wan2all:DROP:IN=eth5 OUT= SRC=192.168.2.3 DST=192.168.2.1 (but now on
both sides!)
What can I do now?
VUILLET Damien
----- Original Message -----
From: "lpa du morvan" <[EMAIL PROTECTED]>
To: "Shorewall Users" <[email protected]>
Sent: Tuesday, December 19, 2006 8:00 PM
Subject: Re: [Shorewall-users] shorewall + ipsec openswan
> Hi,
>
> 191.168.0.0/16 (lan1)----Shorewall + IPSEC---192.168.0.1/24-----switch-----192.168.0.3/24--------MNF2-------10.71.60.0/24 (lan2)
>
> The MNF2 is fully functional and is not the problem.
> The IPsec tunnel is well established.
> eth5 is ipsec0
>
> When the client-lan1 pings the client-lan2, Shorewall says:
> wan2all:DROP:IN=eth5 OUT= SRC=192.168.2.3 DST=192.168.2.1
>
> When the client-lan2 pings the client-lan1: same message:
> wan2all:DROP:IN=eth5 OUT= SRC=192.168.2.3 DST=192.168.2.1
>
> But when I stop Shorewall the ping works (through the VPN, of
> course) in both directions, proof that MNF2 is not in question.
>
> Thanks for your patience
>
> VUILLET Damien
>
>
> ----- Original Message -----
> From: "Tom Eastep" <[EMAIL PROTECTED]>
> To: "Shorewall Users" <[email protected]>
> Sent: Monday, December 18, 2006 7:22 PM
> Subject: Re: [Shorewall-users] shorewall + ipsec openswan
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
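
Added example, not part of the original message and not Shorewall's own code: a small parser for the two log lines quoted above. It splits the chain name into zones, flags packets addressed to the firewall host itself, and extracts the packet quoted inside an ICMP error. The function names and the `<source zone>2<dest zone>` chain-name split are assumptions made for this illustration.

```python
import re

# "Shorewall:" is optional because the tunnel lines in the message are quoted
# without it; chain and disposition are followed by the netfilter LOG fields.
PREFIX = re.compile(r"(?:Shorewall:)?(?P<chain>[\w-]+):(?P<disp>[A-Z]+):(?P<rest>IN=.*)")
FIELD = re.compile(r"(\w+)=(\S*)")

# Both lines are copied from the message above (mail wrapping kept on purpose).
FAQ_LINE = """Nov 25 18:58:52 linux kernel:
Shorewall:net2all:DROP:IN=eth1 OUT=
MAC=00:60:1d:f0:a6:f9:00:60:1d:f6:35:50:08:00 SRC=206.124.146.179
DST=192.0.2.3 LEN=56 TOS=0x00 PREC=0x00 TTL=110 ID=18558 PROTO=ICMP
TYPE=3 CODE=3 [SRC=192.0.2.3 DST=172.16.1.10 LEN=128 TOS=0x00 PREC=0x00
TTL=47 ID=0 DF PROTO=UDP SPT=53 DPT=2857 LEN=108 ]"""
TUNNEL_DROP = "wan2all:DROP:IN=eth5 OUT= SRC=192.168.2.3 DST=192.168.2.1"

def parse_fields(text):
    """KEY=VALUE tokens as a dict; bare flags such as DF are skipped."""
    return dict(FIELD.findall(text))

def parse_drop(line):
    """Parse one Shorewall log entry; returns None if it is not one."""
    m = PREFIX.search(" ".join(line.split()))  # undo mail/syslog line wrapping
    if m is None:
        return None
    # Assumption: chain named <source zone>2<dest zone>, as in the lines above.
    src_zone, _, dst_zone = m["chain"].partition("2")
    outer, _, inner = m["rest"].partition("[")  # [...] = packet quoted by an ICMP error
    f = parse_fields(outer)
    return {
        "src_zone": src_zone, "dst_zone": dst_zone, "disposition": m["disp"],
        "in": f.get("IN"), "out": f.get("OUT"),
        "src": f.get("SRC"), "dst": f.get("DST"), "proto": f.get("PROTO"),
        # Empty OUT= means no output interface: the packet was logged on the
        # input path (addressed to the firewall itself), not forwarded.
        "to_firewall": f.get("OUT") == "",
        "embedded": parse_fields(inner) if inner else None,
    }

if __name__ == "__main__":
    for entry in (FAQ_LINE, TUNNEL_DROP):
        print(parse_drop(entry))
```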