From: Eduardo F. <du...@ic...> - 2003-02-27 17:06:01

Hi all,

after setting up an ipsec tunnel between two sites under my administration, I've run into a problem. Some of the workstations on the remote site are protected with a personal firewall (Norton Internet Security) and I want to be able to VNC into them to solve some minor problems remotely (printer usage, application configuration and so on). The problem is that NIS wants to create a rule for every IP that tries to connect to VNC (we are a team of 5 here). So I thought I could use SNAT to change our address when we enter the remote network. In the remote firewall, I used the masq table and added an entry:

    eth1 ipsec0 192.168.55.100

eth1 is the internal interface of the remote side of the tunnel
ipsec0 is the virtual interface for the tunnel

The problem is that, when shorewall starts and tries to create that rule in the nat tables, it issues the error:

    [...snip...]
    Masqueraded Subnets and Hosts:
    To 0.0.0.0/0 from 192.168.55.0/24 through eth0 using WWW.XXX.YYY.ZZZ
    Interface ipsec0 must be up before Shorewall starts
    [...snip...]

I followed the instructions for setting up an ipsec tunnel from the documentation and I know that the init file stops the ipsec service at the beginning of the process of starting shorewall (or restarting, or trying). So, the ipsec0 interface is down when the masq table is processed. Any ideas? Am I doing something impossible?

I'm using shorewall 1.3.13 with iptables 1.2.7a and Freeswan 1.99 on both sides.

TIA,
________________________
Eduardo Ferreira
Sup. Suporte e Rede
(5521) 3804-8606

ps: sorry for the long post.