[Shorewall-newbies] will not pass vpn's
spalin at montana.com
Wed Dec 17 16:55:04 PST 2003
Here you go
/etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect

/etc/shorewall/policy
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
$FW     net     ACCEPT
$FW     loc     ACCEPT
loc     blkv    ACCEPT
blkv    loc     ACCEPT
net     all     DROP    info
all     all     DROP    info

/etc/shorewall/rules
#ACTION SOURCE              DEST                PROTO   DEST PORT(S)    SOURCE PORT(S)  ORIGINAL DEST
ACCEPT  net:(ng_firewall)   loc:192.168.2.2     tcp     50              -
ACCEPT  net:(ng_firewall)   loc:192.168.2.2     udp     50              -
ACCEPT  net:(ng_firewall)   loc:192.168.2.2     tcp     51              -
ACCEPT  net:(ng_firewall)   loc:192.168.2.2     udp     51              -
ACCEPT  net:(ng_firewall)   loc:192.168.2.2     tcp     500             -
ACCEPT  net:(ng_firewall)   loc:192.168.2.2     udp     500             -
ACCEPT  fw                  net                 tcp     53              -               -
ACCEPT  fw                  net                 udp     53              -               -
ACCEPT  loc:192.168.2.2     all                 all     -               -
ACCEPT  loc:192.168.2.3     all                 all     -               -

/etc/shorewall/tunnels
#TYPE   ZONE    GATEWAY     GATEWAY ZONE
ipsec   net     0.0.0.0/0   blkv

/etc/shorewall/zones
#ZONE   DISPLAY COMMENTS
net     Net     Internet
loc     Local   Local networks
blkv    blkvpn  172.16.0.0/24
From: Francesca C. Smith [mailto:fsmith at ladylinux.com]
Sent: Wednesday, December 17, 2003 11:08 AM
To: Skip Palin
Cc: shorewall-newbies at lists.shorewall.net
Subject: Re: [Shorewall-newbies] will not pass vpn's
Please post your configurations ...
On Wed, 2003-12-17 at 07:48, Skip Palin wrote:
> Hi all,
> Shorewall 1.4.8
> Iptables 1.2.7a
> RH 9 Kernel-2.4.23
> My problem is that we have an XP box (VPN is Checkpoint NG) and an
> NT box (VPN is Fort Knox) that need to VPN in to two different sites,
> and so far it is not working.
> Compiled the kernel with AH,ESP and Linux FreeS/WAN 2.04.
> I do an ipsec verify and get
> Checking your system to see if IPsec got installed and started
> Version check and ipsec on-path [OK]
> Linux FreeS/WAN 2.04
> Checking for KLIPS support in kernel [OK]
> Checking for RSA private key (/etc/ipsec.secrets)
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing
> Opportunistic Encryption DNS checks:
> Looking for TXT in forward map: (firewall)
> Does the machine have at least one non-private address?
> I have two interfaces and one does have a public IP
> NG did exchange keys and so did fort Knox.
> NG sends isakmp SYN's to port 500 to the remote, so I opened ports
> 50, 51 and 500 tcp and udp; still will not work.
> If I take the firewall out of the equation it works fine.
> I have gone over everything so many times that, what I am missing is
> right there in front of me but it all looks correct.
> Any help to steer me in the right direction would be appreciated.
> Shorewall-newbies mailing list
> Post: Shorewall-newbies at lists.shorewall.net
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
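As an added example, not part of this thread and not Shorewall's own code: ESP and AH are IP protocols (protocol numbers 50 and 51 in the IP header), not TCP or UDP ports; only IKE uses a port, UDP 500. A Shorewall rule written as "tcp 50" or "udp 51" therefore never matches the packets an IPsec peer sends. The script below lints a Shorewall 1.4-style rules file for exactly that pattern and rewrites the offending rules with esp/ah in the PROTO column and "-" as the port; it also reports ESP/AH rules that have no matching UDP 500 rule for IKE. The rule lines embedded in it are copied from the configuration posted above and serve as constructed sample input; the function names (parse_rule, lint_ipsec_rules) are this example's own.

```python
"""Lint Shorewall 1.4-style /etc/shorewall/rules lines for the common
mistake of writing the IPsec protocols ESP (50) and AH (51) as ports.

Example written for this page; the rules in POSTED_RULES are copied from
the thread above as sample input, not generated by Shorewall.
"""

# IANA IP protocol numbers used by IPsec, mapped to the names Shorewall
# accepts in the PROTO column (resolved through /etc/protocols).
IPSEC_PROTOCOLS = {50: "esp", 51: "ah"}
IKE_PORT = "500"   # IKE/ISAKMP is the only IPsec component with a port: UDP 500

POSTED_RULES = """\
ACCEPT net:(ng_firewall) loc:192.168.2.2 tcp 50 -
ACCEPT net:(ng_firewall) loc:192.168.2.2 udp 50 -
ACCEPT net:(ng_firewall) loc:192.168.2.2 tcp 51 -
ACCEPT net:(ng_firewall) loc:192.168.2.2 udp 51 -
ACCEPT net:(ng_firewall) loc:192.168.2.2 tcp 500 -
ACCEPT net:(ng_firewall) loc:192.168.2.2 udp 500 -
ACCEPT fw net tcp 53 - -
ACCEPT fw net udp 53 - -
"""


def parse_rule(line):
    """Return the first five rules columns (ACTION SOURCE DEST PROTO DPORT)
    as a dict, or None for blank, comment or too-short lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = stripped.split()
    if len(fields) < 5:
        return None
    action, source, dest, proto, dport = fields[:5]
    return {"action": action, "source": source, "dest": dest,
            "proto": proto.lower(), "dport": dport}


def lint_ipsec_rules(text):
    """Check rules text for ESP/AH written as ports and for IKE coverage.

    Returns (findings, fixed_rules):
      findings    - human-readable problems, in file order
      fixed_rules - the rules with every 'tcp/udp 50|51' rule replaced by one
                    rule carrying esp/ah in the PROTO column and '-' as the
                    port (tcp and udp duplicates collapse into a single line)
    """
    findings, fixed, emitted = [], [], set()
    ipsec_pairs, ike_pairs = set(), set()

    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            fixed.append(line)           # keep comments and blank lines as they are
            continue
        pair = (rule["action"], rule["source"], rule["dest"])
        dport = rule["dport"]
        port_as_proto = IPSEC_PROTOCOLS.get(int(dport)) if dport.isdigit() else None

        if rule["proto"] in ("tcp", "udp") and port_as_proto:
            findings.append("line %d: %s port %s is not IPsec; %s is IP protocol %s"
                            % (n, rule["proto"], dport, port_as_proto.upper(), dport))
            corrected = "%s %s %s %s -" % (pair + (port_as_proto,))
            if corrected not in emitted:
                emitted.add(corrected)
                fixed.append(corrected)
            ipsec_pairs.add(pair)
            continue

        # Already-correct ESP/AH rules, by name or by number.
        if rule["proto"] in IPSEC_PROTOCOLS.values() or rule["proto"] in ("50", "51"):
            ipsec_pairs.add(pair)
        if rule["proto"] == "udp" and dport == IKE_PORT:
            ike_pairs.add(pair)
        fixed.append(line)

    # ESP/AH without IKE: the tunnel can never be negotiated through the firewall.
    for pair in sorted(ipsec_pairs - ike_pairs):
        findings.append("%s %s %s: ESP/AH allowed but no 'udp 500' rule for IKE" % pair)
    return findings, fixed


if __name__ == "__main__":
    problems, corrected = lint_ipsec_rules(POSTED_RULES)
    for problem in problems:
        print("WARN", problem)
    print("\n".join(corrected))
```

Run against the posted rules, the checker flags the four tcp/udp 50 and 51 lines and collapses them into one esp and one ah rule; the udp 500 rule is kept as the IKE rule and the rest of the file passes through unchanged. One caveat the script cannot check: ESP carries no port numbers, so if the loc addresses are masqueraded behind the firewall the NAT has only IP addresses to tell clients apart, and two internal clients talking to the same remote gateway will collide regardless of how the rules are written.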