On Wednesday 07 January 2004 02:15 pm, Lito Kusnadi wrote:
> Hi. I am trying to force some traffic that goes to address 203.7.93.94
> through a VPN tunnel. I use freeswan 1.98b and Shorewall 1.4.6c in one
> machine. The 203.7.93.94 is in the DMZ on the other end. (Both ends use
> the same shorewall and freeswan).
> I have successfully set up a tunnel between the two networks (using a
> point to point topology, not hub).
> I added a static route that redirects 203.7.93.94 to ipsec0. It seems
> the packet goes to ipsec0 but is lost. I can't get anything from the ulog
> of the other side. (The other side's policy is set to trust dmz->vpn, and
> vpn->dmz, just for testing.)
> Is there any rule I can put in the rules file to do the job? Or should I
> put in a manual iptables script? Could someone give a hint? Thanks a lot.
This probably isn't a Shorewall problem but rather an ipsec configuration
problem. Try "shorewall clear" on both ends and see if traffic flows.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net