Hi Tom, That's a shame. Are you thinking that others on the Shorewall mailing list might be able to help?
We're looking to connect remote sites to a central Shorewall-based firewall and have their Internet traffic pass via that server (rather than going direct.) However, Tom and I can't figure-out why traffic from the IPsec tunnels isn't being NAT'd by the firewall. Anyone else got any ideas? Cheers Jason. -----Original Message----- From: Tom Eastep [mailto:teas...@shorewall.net] Sent: 02 October 2017 17:11 To: Jason Timmins <ja...@mbmltd.co.uk> Cc: Shorewall Users <shorewall-users@lists.sourceforge.net> Subject: Re: FW: [Shorewall-users] IPsec Tunnel as Default Gateway for Branch Offices On 10/01/2017 01:27 PM, Jason Timmins wrote: > Hi Tom, > > This trace file is a bit longer than I'd have liked but you should be able to > find references to my machine, 10.1.4.41, trying to ping 8.8.8.8. > Okay -- you have no IPSEC policy covering these packets. What appears to be happening is that once they get through the routing stage of the IP stack flow, they are no longer processed by Netfilter (possibly because they match neither 'pol ipsec' nor 'pol none'). As my own IPSEC foo is rather weak, my attempts to produce a working IPSEC policy configuration for this case have all failed. Regards, -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________ ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users