Hi All,

While it's not really a libreswan issue, I thought that someone here might be able to assist.

With a datacentre network of 10.10.10.0/20 and a libreswan IPsec allocated network of (10.200.200.16-10.200.200.64), i.e. 10.200.200.0/24, I want traffic to be able to route between the networks. I don't want to use NAT and I would like to use the firewall. The reason for not wanting NAT is that when services are consumed the source IP address is logged, which is associated with an end user.

I can ping between the hosts, so routing appears to be correct. Everything routes correctly when I stop firewalld.

I had thought that this would be pretty simple with something like the following:

    firewall-cmd --zone=work --add-rich-rule='rule family="ipv4" source address="10.200.200.0/24" destination address="10.10.10.0/20" protocol value="tcp" log level="warning" accept'

However, the traffic was still being dropped by the firewall. I then thought that a direct rule might help. Something like:

    firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ens3 -o ens7 -p tcp --dport 53 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

However, that didn't work either. Any advice on the best way to set this up would be appreciated.
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
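One check worth doing before digging into firewalld itself is to confirm that the address ranges written into the rules actually cover the IPsec pool and the datacentre hosts; a rule whose source or destination block is off by one prefix bit silently matches nothing. The script below is an added example, not code from the original post or from libreswan; it is plain POSIX sh and checks single addresses and address ranges against the CIDR blocks named in the post (the pool 10.200.200.16-10.200.200.64, the rule block 10.200.200.0/24 and the datacentre block 10.10.10.0/20). The function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post or libreswan): validate that the
# CIDR blocks used in firewall rules cover the addresses they are meant to.
# Assumes POSIX sh with arithmetic expansion and dotted-quad IPv4 addresses.

ip_to_int() {
    # Convert a dotted-quad IPv4 address into a 32-bit integer.
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {
    # Usage: in_cidr ADDRESS NETWORK/PREFIX
    # Returns 0 when ADDRESS lies inside the block, 1 otherwise.
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    # Build the netmask; 4294967295 is 0xFFFFFFFF, keeping the result at 32 bits.
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

range_in_cidr() {
    # Usage: range_in_cidr FIRST LAST NETWORK/PREFIX
    # A CIDR block is contiguous, so a range is covered exactly when both of
    # its endpoints are inside the block.
    in_cidr "$1" "$3" && in_cidr "$2" "$3"
}

# Values below are the ones quoted in the post (constructed check, no live lookup).
if range_in_cidr 10.200.200.16 10.200.200.64 10.200.200.0/24; then
    echo "IPsec pool 10.200.200.16-64 is covered by 10.200.200.0/24"
else
    echo "IPsec pool is NOT covered by the rule's source block"
fi

if in_cidr 10.10.15.254 10.10.10.0/20; then
    echo "10.10.15.254 is inside 10.10.10.0/20"
fi
if ! in_cidr 10.10.16.1 10.10.10.0/20; then
    echo "10.10.16.1 is outside 10.10.10.0/20 (the /20 ends at 10.10.15.255)"
fi
```

Run it with `sh check_cidr.sh`; to test a different pool or rule block, change the literals at the bottom or call `in_cidr` / `range_in_cidr` directly from an interactive shell after sourcing the file.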
