On 10/28/2013 12:58 PM, Axel Zöllich wrote:
>>>> There is no provider 220, so Shorewall is not maintaining that table.
>>>
>>> But where is the table coming from?
>>
>> Not Shorewall.
>
> but strongswan or pppd?
> I'm getting more and more lost.
> The final routing table(s) is a mixture from different sources, but which
> rules are under the control of shorewall?
>
>>>> Where are you pinging from?
>>>>
>>> From the router itself with the following network interfaces:
>> With what source IP address?
> Nice question...
>
> ping 192.168.1.4
> No response.
>
> ping -I 192.168.222.241 192.168.1.4
> I get an answer.
>
> Thank you for this hint with promising result, but I don't understand what
> I'm doing.

IPSEC doesn't depend on routing to direct the tunneled traffic. It rather
uses the Security Policy Database (SPD). You can see the contents of the SPD
in the 'shorewall dump' output. An SPD entry basically says "If a packet with
a matching source address, destination address, and protocol is sent, then it
should be handled in a particular way."

There is a presentation on this subject at
http://www.shorewall.net/LinuxFest2005.pdf.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
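
An added example, not part of the original thread: a sketch of the SPD selector match described in the reply above, showing how the source address of a packet decides whether an outbound policy applies to it. The policy text is constructed in the style of `ip xfrm policy` output; its selectors, the tunnel endpoints, the default source address and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample in the style of `ip xfrm policy` output. The selectors
# and tunnel endpoints are assumptions, not values taken from the thread.
SAMPLE_SPD = """\
src 192.168.222.0/24 dst 192.168.1.0/24
    dir out priority 2883
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp reqid 1 mode tunnel
src 192.168.1.0/24 dst 192.168.222.0/24
    dir in priority 2883
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 1 mode tunnel
"""

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")   # unindented selector line
DIRECTION = re.compile(r"^\s+dir (\w+)")         # indented direction line

def parse_spd(text):
    """Return a list of {'src', 'dst', 'dir'} entries, one per policy."""
    policies = []
    for line in text.splitlines():
        sel = SELECTOR.match(line)
        if sel:
            policies.append({"src": ipaddress.ip_network(sel.group(1)),
                             "dst": ipaddress.ip_network(sel.group(2)),
                             "dir": None})
            continue
        d = DIRECTION.match(line)
        if d and policies and policies[-1]["dir"] is None:
            policies[-1]["dir"] = d.group(1)
    return policies

def outbound_policy(policies, src, dst):
    """Return the first 'out' policy whose selector covers src and dst.

    Simplification: entries are checked in listed order, priorities ignored.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == "out" and src in p["src"] and dst in p["dst"]:
            return p
    return None

if __name__ == "__main__":
    spd = parse_spd(SAMPLE_SPD)
    # 203.0.113.10 stands in for a source address picked by default.
    for src in ("203.0.113.10", "192.168.222.241"):
        hit = outbound_policy(spd, src, "192.168.1.4")
        print(src, "->", "matches SPD, tunneled" if hit else "no SPD match")
```

On a live system the same comparison can be made by feeding the function the policy section of the 'shorewall dump' output instead of the constructed sample.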
