Re: [Shorewall-users] freeswan ipsec - shorewall

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Wed, 2003-10-29 at 13:26, Noël Nachtegael wrote:
> for the others, here are my adapted files working on the linux box
> 
> and the ipsec.conf.xp on the xp roadwarrior side
> 
> ______________________________________________________________________
I notice that your fw<->vpn policy is ACCEPT while your fw<->loc policy
is REJECT. This seems odd to me given that the vpn<->loc policy is
ACCEPT.

Perhaps you should identify your real requirements for fw<->vpn traffic
and create rules to ACCEPT that traffic so that you can also institute a
REJECT policy between those zones as well. I suspect that the
requirements for vpn<->fw are very similar if not identical to loc<->fw.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...