Re: [Shorewall-users] IPSEC 2.6

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Friday 10 February 2006 09:13, Fernando Rodriguez wrote:
> Im running shorewall 3.0.4 RH FC4 Patched

I assume that you have all of the IPSEC/NAT patches in addition to the policy 
match patch?

>
> My problem is this, im running a VPN from Network 192.168.243.0/24 to
> 192.168.108.0/24
>
>
> If I do shorewall clear we can transmit information between the vpn if I do
> shorewall start I get this
>
> Feb 10 11:01:15 rtr1250f kernel: RTR1250_FW:FORWARD:REJECT:IN=eth0 OUT=ppp0
> SRC=192.168.253.48 DST=192.168.108.254 LEN=60 TOS=0x00 P
> REC=0x00 TTL=63 ID=64994 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=20998
> Feb 10 11:01:16 rtr1250f kernel: RTR1250_FW:FORWARD:REJECT:IN=eth0 OUT=ppp0
> SRC=192.168.253.48 DST=192.168.108.254 LEN=60 TOS=0x00 P
> REC=0x00 TTL=63 ID=65000 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=21254
>
> This is my configuration
>

Your config looks ok but without "shorewall dump" output, I won't even guess 
what is wrong (see http://www.shorewall.net/support.htm for the correct way 
to collect a useful dump).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key