Scorpy wrote:
> Sending again without attachment. I don't get mail on the list if I send the
> attachment.

Did you compress the attachment? The list has a maximum attachment size.

>
>> Since you are NATing the connection, you should only be DNATing UDP port
>> 500 and 4500 to the internal router for VPN traffic. Again, there is
>> very little chance of it working without NAT-T. The two IPSEC endpoints
>> will determine that there is at least one NAT router between them and
>> will encapsulate the ESP packets in UDP 4500 packets. AH cannot be used
>> in this configuration.
>
> The hw router is sending information only on udp port 500. I can see this,
> because only this port is blocked on linux box.

That's very shaky logic. Have you LOOKED at the traffic with a traffic sniffer like tcpdump or Wireshark?

> Yes. I can see message go forth to other side and when the hw router on the
> other side responds and sends response, the linux box on my side blocks the
> UDP port 500.

Once more -- the packet that is getting blocked is coming from your internal network and it is addressed to your firewall!!! So if your external and internal interfaces aren't bridged then the packet must be coming from the Zyxel in your local network.

Try this test:

a) from your Shorewall box, ping 192.168.1.180 (The Zyxel).
b) type "arp -na". Is 00:40:f4:b2:94:96 the MAC address associated with 192.168.1.180 in the output from 'arp'?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
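The ping/arp test from the reply above can be scripted; this is an added example, not part of the original message. It assumes the MAC address came from the `MAC=` field of the netfilter log entry for the blocked packet, and the log line, the firewall address 192.168.1.254 and the extra ARP entries are constructed samples.

```shell
#!/bin/sh
# Constructed sample data: "arp -na" output and one netfilter LOG line.
SAMPLE_ARP='? (192.168.1.180) at 00:40:f4:b2:94:96 [ether] on eth1
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth1
? (192.168.1.77) at <incomplete> on eth1'
SAMPLE_LOG='Shorewall:loc2fw:DROP:IN=eth1 OUT= MAC=00:0c:29:aa:bb:cc:00:40:f4:b2:94:96:08:00 SRC=192.168.1.180 DST=192.168.1.254 LEN=120 PROTO=UDP SPT=500 DPT=500'

# Extract the SOURCE MAC from a netfilter LOG line. On Ethernet the MAC=
# field holds 14 bytes: destination MAC (6), source MAC (6), EtherType (2).
log_src_mac() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^MAC=//p' | head -n 1 |
        awk -F: 'NF == 14 { printf "%s:%s:%s:%s:%s:%s\n", $7,$8,$9,$10,$11,$12 }' |
        tr 'A-F' 'a-f'
}

# Read "arp -na" output on stdin; print every IP mapped to the given MAC.
# Unresolved "<incomplete>" entries never match.
arp_ip_for_mac() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    awk -v want="$want" '
        $3 == "at" && tolower($4) == want {
            ip = $2; gsub(/[()]/, "", ip); print ip
        }'
}

# Succeeds when the ARP table on stdin maps IP ($1) to MAC ($2).
arp_matches() {
    arp_ip_for_mac "$2" | grep -qxF "$1"
}

# Demo on the constructed samples; on a live box pipe in "arp -na" instead.
mac=$(log_src_mac "$SAMPLE_LOG")
owner=$(printf '%s\n' "$SAMPLE_ARP" | arp_ip_for_mac "$mac")
echo "blocked packet source MAC $mac belongs to ${owner:-no ARP entry}"
```

On the firewall itself, ping the suspected host first so its ARP entry is populated, then run `arp -na | arp_matches 192.168.1.180 00:40:f4:b2:94:96`.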