Mike Rosile wrote:

I solved the problem by manually adding an iptables rule (eth0 is the public/ipsec interface):

iptables -I FORWARD -i eth0 -o eth0 -j ACCEPT -m policy --pol ipsec --mode tunnel --dir in

In order to get this to work with Shorewall, I added that ‘iptables’ line to /etc/shorewall/start. Is there a better way to add an iptables policy rule to Shorewall’s config files to allow packets from two IPsec routable subnets to pass?

Yes. And if we knew what your Shorewall configuration looks like, we would be able to tell you what it is.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
