Scorpy wrote:
> Sending again without attachment. I don't get mail on the list if I send the
> attachment.

Did you compress the attachment? The list has a maximum attachment size.

> 
>> Since you are NATing the connection, you should only be DNATing UDP port
>> 500 and 4500 to the internal router for VPN traffic. Again, there is
>> very little chance of it working without NAT-T. The two IPSEC endpoints
>> will determine that there is at least one NAT router between them and
>> will encapsulate the ESP packets in UDP 4500 packets. AH cannot be used
>> in this configuration.
> 
> The hw router is sending information only on UDP port 500. I can see this,
> because only this port is blocked on the Linux box.

That's very shaky logic. Have you LOOKED at the traffic with a traffic
sniffer like tcpdump or Wireshark?


> Yes. I can see the message go forth to the other side, and when the hw router
> on the other side responds and sends a response, the Linux box on my side
> blocks UDP port 500.

Once more -- the packet that is getting blocked is coming from your
internal network and it is addressed to your firewall!!!

So if your external and internal interfaces aren't bridged then the
packet must be coming from the Zyxel in your local network.

Try this test:

a) from your Shorewall box, ping 192.168.1.180 (The Zyxel).
b) type "arp -na".

Is 00:40:f4:b2:94:96 the MAC address associated with 192.168.1.180 in
the output from 'arp'?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
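
The MAC comparison suggested in the message above can be scripted; this is an added example, not part of the original post. The log line, the `loc2fw` chain name and all addresses other than 192.168.1.180 and 00:40:f4:b2:94:96 are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed sample data: a netfilter LOG line in Shorewall's log format and
# output in the format printed by `arp -na`. Only 192.168.1.180 and
# 00:40:f4:b2:94:96 come from the thread; everything else is made up.
SAMPLE_LOG = (
    "Shorewall:loc2fw:DROP:IN=eth1 OUT= "
    "MAC=00:11:22:33:44:55:00:40:f4:b2:94:96:08:00 "
    "SRC=203.0.113.10 DST=192.168.1.1 LEN=120 PROTO=UDP SPT=500 DPT=500"
)
SAMPLE_ARP = """\
? (192.168.1.180) at 00:40:f4:b2:94:96 [ether] on eth1
? (192.168.1.50) at <incomplete> on eth1
"""

def log_source_mac(line):
    """Return the sending station's MAC from a LOG line's MAC= field.

    For Ethernet the field is the raw link-layer header: destination MAC
    (6 octets), source MAC (6 octets), EtherType (2 octets).
    """
    m = re.search(r"\bMAC=((?:[0-9a-fA-F]{2}:){13}[0-9a-fA-F]{2})\b", line)
    if not m:
        return None
    octets = m.group(1).lower().split(":")
    return ":".join(octets[6:12])

def arp_table(text):
    """Map IP -> MAC from `arp -na` output, skipping <incomplete> entries."""
    pattern = r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})\b"
    return {ip: mac.lower() for ip, mac in re.findall(pattern, text)}

def hosts_with_mac(mac, table):
    """List the neighbours whose ARP entry matches the given MAC."""
    return sorted(ip for ip, entry in table.items() if entry == mac)

if __name__ == "__main__":
    mac = log_source_mac(SAMPLE_LOG)
    # The SRC= address may be a remote peer; the MAC shows which local
    # device actually put the frame on the wire.
    print("frame sent by", mac, "->", hosts_with_mac(mac, arp_table(SAMPLE_ARP)))
```
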

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users