Hi Tom,

That's a shame. Are you thinking that others on the Shorewall mailing list 
might be able to help?

We're looking to connect remote sites to a central Shorewall-based firewall and 
have their Internet traffic pass via that server (rather than going direct). 
However, Tom and I can't figure out why traffic from the IPsec tunnels isn't 
being NAT'd by the firewall. Anyone else got any ideas?

Cheers
Jason.

-----Original Message-----
From: Tom Eastep [mailto:teas...@shorewall.net] 
Sent: 02 October 2017 17:11
To: Jason Timmins <ja...@mbmltd.co.uk>
Cc: Shorewall Users <shorewall-users@lists.sourceforge.net>
Subject: Re: FW: [Shorewall-users] IPsec Tunnel as Default Gateway for Branch 
Offices

On 10/01/2017 01:27 PM, Jason Timmins wrote:
> Hi Tom,
> 
> This trace file is a bit longer than I'd have liked but you should be able to 
> find references to my machine, 10.1.4.41, trying to ping 8.8.8.8.
> 

Okay -- you have no IPSEC policy covering these packets. What appears to be 
happening is that once they get through the routing stage of the IP stack flow, 
they are no longer processed by Netfilter (possibly because they match neither 
'pol ipsec' nor 'pol none'). As my own IPSEC foo is rather weak, my attempts to 
produce a working IPSEC policy configuration for this case have all failed.

Regards,

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
