From: Tom E. <te...@sh...> - 2002-02-28 21:41:22

Bill,

> -----Original Message-----
> From: sho...@sh... [mailto:sho...@sh...] On Behalf Of William Suetholz
> Sent: Thursday, February 28, 2002 1:32 PM
> To: sho...@sh...
> Cc: wsu...@ce...; us...@li...; lea...@li...
> Subject: [Shorewall-users] Problem with FreeSwan and Shorewall on a LEAF(Oxygen) based router.
>
> I am also using Shorewall 1.1.11.
> I tried upgrading to a newer version of Shorewall, and things broke
> completely... The shell scripts do some things that BB ash doesn't
> like too much.

If you don't report this type of problem, I can't fix it...

>
> On the other end, I have an identical setup, with the shorewall rules
> simplified, since they don't have the DMZ, and some of our other zones.
> They do however do IP Masq, where we actually have a Class C assigned
> to us (What can I say, I got it before they locked down :-)
> I believe that the masking is where my problem is..

Without some idea of what your Shorewall configuration looks like, I have no clue what to advise...

>
> The tunnel looks good when running the ipsec look command on both
> sides. When I ping/telnet to a "unrouted" IP for a machine on the other
> end, I see the ifconfig -ni RX-OK go up on the ipsec0 interface, and the
> TX-DROP also go up.. I've looked for what causes this, all I can come
> up with, is that the Masking is happening before it sends the traffic out
> the ipsec0 interface back to our location.. I see the same thing happen
> on our side if I try to ping from our router to their address (the TX-DROP
> increments.
>
> I tried the suggestions on the http://www.shorewall.net/IPSEC.htm page,
> but that didn't work.

Did you look at http://www.shorewall.net/myfiles.htm#old? That configuration includes a running IPSEC environment.

-Tom
--
Tom Eastep \ Shorewall -- iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ te...@sh...