On Wed, Jul 28, 2010 at 7:03 PM, Tom Eastep <[email protected]> wrote:
> On 7/28/10 4:55 PM, Brad Clarke wrote:
>> http://www.shorewall.net/IPSEC-2.6.html#GwFw
>>
>> I'm trying to set up a test of this, though a little less complex on
>> the ipsec side (manual keys, no racoon, only ESP on the tunneled
>> traffic between the private networks). I think I've screwed something
>> up, but I'll ask a stupid question first.
>>
>> Once I've done the things on that page, should there automatically
>> be a route created on each shorewall box to send traffic between the
>> two private networks?
>
> No.
>
>> Will NULL_ROUTE_RFC1918=Yes affect things?
>
> Only if you are trying to tunnel traffic to a remote RFC 1918 network.
> In that case, NULL_ROUTE_RFC1918 will break your configuration unless
> you add a static route to the remote network via your firewall's default
> gateway.
>
> -Tom

Turns out it was a little of both: I had typed the wrong IP for one of
my gateways in a lot of places and NULL_ROUTE_RFC1918 was causing
problems. An "ip route add" of the required routes in
/etc/shorewall/init and "ip route del" in /etc/shorewall/clear seems
to handle it.

Thanks for the help,
Brad C
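
Added example, not part of the original messages: a shell helper for the workaround described in this thread, which installs a static route via the firewall's default gateway for each remote RFC 1918 network and removes it again. The network, the gateway address, the helper's file path and the function names are constructed placeholders, and `ip route replace` is used in place of `ip route add` so a restart does not fail on an existing route.

```shell
#!/bin/sh
# Hypothetical helper, e.g. saved as /etc/shorewall/tunnel-routes.sh and sourced:
#   /etc/shorewall/init  : . /etc/shorewall/tunnel-routes.sh; tunnel_routes add
#   /etc/shorewall/clear : . /etc/shorewall/tunnel-routes.sh; tunnel_routes del
# Constructed placeholder values, substitute your own:
REMOTE_NETS="${REMOTE_NETS:-192.168.20.0/24}"  # private network(s) behind the peer
GATEWAY="${GATEWAY:-203.0.113.1}"              # this firewall's default gateway
IP_CMD="${IP_CMD:-ip}"                         # set IP_CMD=echo for a dry run

# Succeeds if the network lies in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    addr=${1%%/*}          # strip the prefix length
    o1=${addr%%.*}         # first octet
    rest=${addr#*.}
    o2=${rest%%.*}         # second octet
    case $o1 in
        10)  return 0 ;;
        172) [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] ;;
        192) [ "$o2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# tunnel_routes add|del
tunnel_routes() {
    case $1 in
        add) verb=replace ;;   # like "add", but safe to repeat on restart
        del) verb=del ;;
        *)   echo "usage: tunnel_routes add|del" >&2; return 2 ;;
    esac
    for net in $REMOTE_NETS; do
        # NULL_ROUTE_RFC1918 only matters for RFC 1918 destinations;
        # other remote networks need no extra route.
        is_rfc1918 "$net" || continue
        $IP_CMD route "$verb" "$net" via "$GATEWAY" ||
            echo "warning: route $verb $net failed" >&2
    done
    return 0
}
```

Running with `IP_CMD=echo` prints the `ip` arguments instead of changing the routing table, which makes it easy to check the gateway address before applying it.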

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
