lpa du morvan wrote:
> Hi
>
> I tested through the ipsec tunnel a http connection and always the same
> error:
>
> wan2all:DROP:IN=eth5 OUT= SRC=192.168.2.3 DST=192.168.2.1 with always
> PROTO=4 !!!!!! it's in this case a http connection and thus PROTO=6 but
> nothing with PROTO=6 in the error message.

If you are still getting these messages then you haven't added the ipip tunnel entry that I recommended.

>
> icmp is thus necessary to establish a flow through a ipsec tunnel !?
>
> I want add
>
> iptables -A INPUT -p ! icmp -m state --state INVALID -j DROP
> also for OUTPUT and FORWARD chain,
>
> but shorewall does not take into account the manual changes with iptables
> command.
>

I have no idea what problem you are reporting now. If you want my help, then please submit complete problem reports as described at http://www.shorewall.net/support.htm#Guidelines

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
