From: Tom E. <te...@sh...> - 2002-09-29 22:33:21
Tuomo Soini wrote:
> You don't happen to read shorewall-devel mailing list?

I read it -- I just didn't know what to make of your post and it arrived
while I was on vacation.

What exactly are you trying to accomplish that Shorewall isn't doing for
you now?

e.g.

/etc/shorewall/zones

    rw      Roadwarriors    Road Warriors

/etc/shorewall/interfaces

    rw      ipsec+

/etc/shorewall/policy (only if you want Road Warriors to be able to
access each other's hosts).

    rw      rw      ACCEPT
    rw      loc     ACCEPT
    loc     rw      ACCEPT

/etc/shorewall/tunnels

    ipsec   net     0.0.0.0/0       rw

Am I missing something?

-Tom

> ------------------------------------------------------------------------
>
> Subject: [Shorewall-devel] Building custom _updown script for freeswan
>          to make it talk with shorewall
> From: Tuomo Soini <ti...@fo...>
> Date: Sat, 21 Sep 2002 22:23:07 +0300
> To: Shorewall Devel <sho...@sh...>
>
> I have a plan to make freeswan and shorewall talk to each other.
>
> Shorewall doesn't currently have proper handles to make ipsec and
> firewall work properly together and I'm planning on building a custom
> _updown script for freeswan to make it communicate with shorewall.
>
> How can I make shorewall work properly with different road warriors with
> different dynamic ip-addresses and different accesses?
>
> I have the following plan:
>
> have zone for every road warrior
> not to have zone in hosts or interfaces
> make updown script to jump to correct rules. In freeswan
> connection-descriptions give as parameter to updown script knowledge to
> which zone this connection is part of.
>
> Have I missed anything important or is this plan possible?
>

--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ te...@sh...