I'm going insane here. I'm running shorewall 1.3.11 with iptables
1.2.5 and freeswan 1.97 on a 2.4.18-8 kernel aka MNF. The setup is as
follows:
Lan (192.168.1.x) - FW (eth1 192.168.1.254 - eth0 64.x.y.71) - router
64.x.y.65 (which is default GW on eth0) -internet - 161.a.b.c (FW-1)
So a Windows client with Check Point tries to connect to a VPN-1 server
on the internet. The SecuRemote client can connect and the Windows
client can even ping the private network at the other end of the tunnel.
So far so good. When the Windows client tries to run an app through the
tunnel (e.g. pcAnywhere) no connections can be established. Any ideas?
I have been through all the groups and docs available (Check Point docs,
howtos, freeswan docs, shorewall docs) and after trying it all, still no
luck. What I find odd is that the client can ping the private network at
the end of the tunnel, so the tunnel is open (right?).
I have tried adding these rules too:
ACCEPT lan wan udp isakmp
ACCEPT lan wan udp 500 500
ACCEPT lan wan 50
ACCEPT wan lan udp 500 500
ACCEPT wan lan udp isakmp
DNAT wan: 161.a.b.c lan: 192.168.1.10 50
DNAT wan: 161.a.b.c lan: 192.168.1.10 udp 500 500
If I can get this to work, the next step would be to create a tunnel
between the Linux box and the FW-1 server (freeswan / ipsec).
I'm fairly new to Linux firewalling, ipsec, etc., so any help would
be greatly appreciated.
Thanks Daniel
Daniel Dekkers
System Architect
Redesign Technologies Inc.
http://www.redesign.com
Phone: 604.947.9676
Fax: 604.947.9679
Macromedia Associate Partner
http://www.macromedia.com