On 13.02.2014 21:26, Pawel Grzesik wrote:
> On 13 Feb 2014, at 18:52, Wagenknecht Michael <[email protected]> wrote:
>
>> Hi,
>> I have another question.
>> After activating a connection between the Fritzbox and strongswan, I
>> have 4 additional iptables rules:
>>
>> -A INPUT -s 192.168.0.0/24 -d 192.168.1.0/24 -i eth0 -m policy --dir in --pol ipsec --reqid 1 --proto esp -j ACCEPT
>> -A FORWARD -s 192.168.0.0/24 -d 192.168.1.0/24 -i eth0 -m policy --dir in --pol ipsec --reqid 1 --proto esp -j ACCEPT
>> -A FORWARD -s 192.168.1.0/24 -d 192.168.0.0/24 -o eth0 -m policy --dir out --pol ipsec --reqid 1 --proto esp -j ACCEPT
>> -A OUTPUT -s 192.168.1.0/24 -d 192.168.0.0/24 -o eth0 -m policy --dir out --pol ipsec --reqid 1 --proto esp -j ACCEPT
>>
>> My problem is that there are wrong devices (eth0) in the rules. I need
>> eth1 instead of eth0.
>> Where can I define the device?
>> Or can I disable the generation of the rules?
>>
>> Best regards,
>> Michael
>>
> Hi Michael,
>
> You can find it in the file called ipsec/_updown. Also, to disable it you
> will need to add to the tunnel configuration leftfirewall=yes or no.
>
> Thanks,
> Pawel
>

Hi Pawel,

Thank you for the information. But I don't understand the routing method.
Is it only working with the iptables forwarding rules?

Best regards,
Michael
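
An added example, not part of the thread and not strongSwan's own `_updown` script: a minimal custom updown hook that builds the two FORWARD rules quoted above with an operator-chosen interface. It assumes the script is referenced from the connection with `leftupdown=` and reads the `PLUTO_*` environment variables strongSwan passes to updown scripts; `FW_IFACE` and `DRY_RUN` are hypothetical variables introduced only for this sketch.

```shell
#!/bin/sh
# Added example: custom updown hook (not the stock ipsec/_updown).
# FW_IFACE and DRY_RUN are hypothetical names used only in this sketch.

# Print the FORWARD rules for one tunnel event.
#   $1 = verb (value of PLUTO_VERB), $2 = interface to match
forward_rules() {
    case "$1" in
        up-client)   op="-I" ;;   # tunnel to a client subnet came up
        down-client) op="-D" ;;   # same tunnel went down: delete the rules
        *) return 0 ;;            # other verbs: nothing to do in this sketch
    esac
    # Only traffic protected by this connection's ESP SAs (matched by reqid).
    pol="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
    echo "iptables $op FORWARD -i $2 -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT $pol --dir in -j ACCEPT"
    echo "iptables $op FORWARD -o $2 -s $PLUTO_MY_CLIENT -d $PLUTO_PEER_CLIENT $pol --dir out -j ACCEPT"
}

# When called by the IKE daemon PLUTO_VERB is set: apply the rules,
# using FW_IFACE if given and the daemon-supplied interface otherwise.
if [ -n "${PLUTO_VERB:-}" ] && [ -z "${DRY_RUN:-}" ]; then
    forward_rules "$PLUTO_VERB" "${FW_IFACE:-${PLUTO_INTERFACE:-}}" | sh
fi
```

Calling `forward_rules up-client eth1` by hand with the `PLUTO_*` variables set prints the commands without applying them, which is a convenient way to compare them against the `iptables-save` output before putting the hook into service.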
