Shortly after posting to the mailing list I revisited a few web pages and checked my configurations and found I had the vpn zone backwards and that was why the firewall kept dropping the packets. I knew it was something simple and it is now working perfectly with both sides of the vpn working great.
-Adam

Adam D wrote:
> I have been working really hard configuring and researching very
> extensively, trying to figure why we are getting
> "Shorewall:FORWARD:DROP" packets. IPSEC works just fine without the
> iptable rules created by our shorewall configs but when starting
> shorewall and creating the iptables I noticed the packets are dropped.
> I know it is a config situation but I am totally racking my brain as to
> what config may be causing the issue.
>
> Here are some details of what we have.
>
> shorewall debug restart 2> /tmp/trace
> Compiling...
> Initializing...
> Determining Zones...
> IPv4 Zones: inet pflan
> IPSEC Zones: baja bcvpn sdvpn
> Firewall Zone: fw
> Validating interfaces file...
> Validating hosts file...
> Pre-processing Actions...
> Pre-processing /usr/share/shorewall/action.Drop...
> Pre-processing /usr/share/shorewall/action.Reject...
> Validating Policy file...
> Determining Hosts in Zones...
> inet Zone: eth0:0.0.0.0/0
> pflan Zone: eth1:0.0.0.0/0
> baja Zone: ipsec+:192.168.90.0/24
> bcvpn Zone: ipsec+:192.168.0.0/24
> Deleting user chains...
> Compiling /etc/shorewall/routestopped ...
> Creating Interface Chains...
> Compiling Common Rules
> Compiling Kernel Route Filtering...
> Compiling Martian Logging...
> Compiling IP Forwarding...
> Compiling /etc/shorewall/rules...
> Compiling /etc/shorewall/tunnels...
> Compiling Actions...
> Compiling /usr/share/shorewall/action.Drop for Chain Drop...
> Compiling /usr/share/shorewall/action.Reject for Chain Reject...
> Compiling /etc/shorewall/policy...
> Compiling Masquerading/SNAT
> Compiling Traffic Control Rules...
> Compiling Rule Activation...
> Shorewall configuration compiled to /var/lib/shorewall/.restart
> Processing /etc/shorewall/params ...
> Restarting Shorewall....
> Initializing...
> Clearing Traffic Control/QOS
> Deleting user chains...
> Enabling Loopback and DNS Lookups
> Creating Interface Chains...
> Setting up SMURF control...
> Setting up Black List...
> Setting up ARP filtering...
> Setting up Route Filtering...
> Setting up Martian Logging...
> Setting up Accept Source Routing...
> Setting up SYN Flood Protection...
> Setting up IPSEC management...
> Setting up Rules...
> Setting up Tunnels...
> Setting up Actions...
> Creating action chain Drop
> Creating action chain Reject
> Creating action chain dropBcast
> Creating action chain dropInvalid
> Creating action chain dropNotSyn
> Applying Policies...
> Setting up Masquerading/SNAT...
> Activating Rules...
> done.
>
> see attached file for /sbin/shorewall dump > /tmp/status.txt
>
> I really do hope I can receive some extra help with this
>
> If there is anything else I can submit to help troubleshoot with me,
> please let me know.
>
> -Adam
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
