Hi,
I have just swapped a commercial firewall which was running IPsec for a
custom-built, server-based firewall. I used Shorewall to set up the iptables
rules and racoon/setkey for IPsec.
Currently the firewall's general Masq rules and non-Masq rules seem to be
working OK, along with DNAT; however, the IPsec tunnel I set up seems to have
issues, but I am not sure where.
The tunnel has come up OK and can talk to the original far-end firewall; you
can ping any far-end host from the firewall's internal interface. You cannot,
however, ping from behind the firewall across the VPN, or back from any host
on the other network. I think this is a rules issue, but I can't see where.
When running a tcpdump on the remote host I can see packets arriving and
returning down the tunnel, but they never seem to get there. It is not just
ping, as I tried telnet and ssh down the tunnel too; I believe they are all
connecting and just being stopped on the return.
If anyone has any ideas they will gratefully be received.
Thanks
Mark
*******************************************************************
Mark Olliver BSc (Hons)
Thermeon Europe Ltd
V-Card
http://www.thermeoneurope.com/e-Card/card.html?uid=mpo
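The usual shape of a Shorewall configuration for a native (2.6 kernel) IPsec tunnel, as an added illustration and not the poster's actual files: the decrypted remote traffic gets its own zone, the loc<->vpn policies are opened, and the remote subnet is excluded from masquerading so replies keep the LAN source address and the far end routes them back through the tunnel. It assumes the Shorewall 3.x file layout, eth0 as the external interface, 192.168.1.0/24 as the local LAN and 192.168.2.0/24 as the remote LAN (all constructed values).

```shorewall
# /etc/shorewall/zones  (assumed layout; subnets are constructed examples)
#ZONE   TYPE      OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn     ipsec     mode=tunnel      # traffic that arrived/leaves via an IPsec SA

# /etc/shorewall/hosts
# the remote LAN reaches us decapsulated on the external interface
#ZONE   HOST(S)                  OPTIONS
vpn     eth0:192.168.2.0/24

# /etc/shorewall/policy
# place these before the catch-all "all all REJECT" line
#SOURCE DEST    POLICY    LOG LEVEL
loc     vpn     ACCEPT
vpn     loc     ACCEPT
fw      vpn     ACCEPT
vpn     fw      ACCEPT

# /etc/shorewall/masq
# masquerade LAN traffic to the Internet, but NOT traffic bound for the
# remote LAN: if that is SNATed the far end replies to the public address
# instead of the LAN host, so the reply never makes it back across the VPN
#INTERFACE                 SUBNET            ADDRESS
eth0:!192.168.2.0/24       192.168.1.0/24
```

Because the firewall itself can already reach far-end hosts while LAN hosts cannot, the masq exclusion and the vpn zone policies are the two places to check first; `shorewall show` and `iptables -t nat -nvL POSTROUTING` show whether the tunnel-bound packets are hitting the MASQUERADE rule.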