Steven E. Frazier
2003-Jan-14 18:01 UTC
[Shorewall-users] Question on Shorewall with FreeSwan
I am new to Shorewall and FreeSwan, please excuse my ignorance I was wondering if someone could help me. I had help getting my FreeSwan running with the following iptables commands: iptables -I FORWARD -s 0/0 -d 192.168.1.0/24 -i ipsec0 -o eth1 -j ACCEPT iptables -I FORWARD -s 192.168.1.0/24 -d 0/0 -i eth1 -o ipsec0 -j ACCEPT If I manually run this FreeSwan works, however I am not sure where to put this in /etc/shorewall/tunnels? Could someone help me with what I need to put in /etc/shorewall tunnels if that''s the right place? If not, could you advise me how to put this into shorewall, please? Is there any other file I have to edit to go along with FreeSwan for Shorewall? Thanks. Steve # TYPE ZONE GATEWAY GATEWAY ZONE #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--On Tuesday, January 14, 2003 8:36 PM -0500 "Steven E. Frazier" <sfrazier@fraziercorp.com> wrote:> I am new to Shorewall and FreeSwan, please excuse my ignorance I was > wondering if someone could help me. > > I had help getting my FreeSwan running with the following iptables > commands: > > iptables -I FORWARD -s 0/0 -d 192.168.1.0/24 -i ipsec0 -o eth1 -j > ACCEPT > iptables -I FORWARD -s 192.168.1.0/24 -d 0/0 -i eth1 -o ipsec0 -j > ACCEPT > > > If I manually run this FreeSwan works, however I am not sure where to > put this in /etc/shorewall/tunnels? > > Could someone help me with what I need to put in /etc/shorewall tunnels > if that''s the right place? If not, could you advise me how to put this > into shorewall, please? > > > Is there any other file I have to edit to go along with FreeSwan for > Shorewall? > > Thanks. > > Steve > ># TYPE ZONE GATEWAY GATEWAY ZONE > ># LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE > >You can find extensive documentation on this subject at http://shorewall.rettc.com/IPSEC.htm -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net