I have read every single piece of shorewall documentation pertaining to this subject. I believe I have a firm grasp on how to configure Shorewall, and have obviously followed the directions given in the documentation for this particular setup.
I say again, my PROBLEM is that shorewall does not forward packets from the internal network through to the ipsec interface, as evidenced by the log message I posted. I need to understand why this is, so that I can fix it.

On my previous freeswan implementation I recall having to write a forwarding rule which included some sort of nat'ing. Shorewall, as far as I can tell, has no place that a forwarding rule can be made. The policy & rules files do not allow such.

QUESTION: How do I configure shorewall to forward traffic from the internal network that is destined for the remote network through the ipsec interface?

Thank you.

On Mon, Jan 12, 2009 at 4:49 PM, Shorewall Guy <[email protected]> wrote:
> John Smith wrote:
>> PROBLEM: Shorewall gives the following log message, and no traffic
>> will pass through the VPN. This is an attempt to ping a PC on the
>> other side of the VPN endpoint.
>> Jan 12 13:48:41 localhost Shorewall:FORWARD:REJECT:IN=eth2 OUT=ipsec0
>> SRC=192.168.1.xxx DST=192.168.5.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=127
>> ID=42007 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=39424
>
> OP couldn't make it work the modern way so ...
>
>> I reconfigured Debian to support an ipsec+
>> interface. The VPN side of everything was easy (even using racoon)
>> and has never been a problem. Getting shorewall to play nice with
>> VPNs seems to be my only hanging point.
>
> If you are going to configure IPSEC the old way then you need to
> configure Shorewall the old way: http://www.shorewall.net/3.0/IPSEC.htm
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
