On 13 Feb 2014, at 18:52, Wagenknecht Michael <[email protected]> wrote:
> Hi, > I have another question. > After activating a connection between the Fritzbox and strongswan, I > have 4 additional iptables rules: > > -A INPUT -s 192.168.0.0/24 -d 192.168.1.0/24 -i eth0 -m policy --dir in > --pol ipsec --reqid 1 --proto esp -j ACCEPT > -A FORWARD -s 192.168.0.0/24 -d 192.168.1.0/24 -i eth0 -m policy --dir > in --pol ipsec --reqid 1 --proto esp -j ACCEPT > -A FORWARD -s 192.168.1.0/24 -d 192.168.0.0/24 -o eth0 -m policy --dir > out --pol ipsec --reqid 1 --proto esp -j ACCEPT > -A OUTPUT -s 192.168.1.0/24 -d 192.168.0.0/24 -o eth0 -m policy --dir > out --pol ipsec --reqid 1 --proto esp -j ACCEPT > > My problem is that there are wrong devices (eth0) in the rules. I need > eth1 instead eth0. > Where can I define the device? > Or can I disable the generation of the rules? > > Best regards, > Michael > Hi Michael, You can find it at the file called ipsec/_updown. Also to disabled it you will need to add to the tunnel configuration leftfirewall=yes or no. Thanks, Pawel _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
