[Shorewall-newbies] will not pass vpn's

Tom Eastep teastep at shorewall.net
Thu Dec 18 07:54:49 PST 2003


On Wednesday 17 December 2003 03:55 pm, Skip Palin wrote:
> Here you go
>
> Interface
> net     eth0    detect
> loc     eth1    detect
>
> hosts
> blkv    eth0:(ng_firewall)
>
> masq
> eth0                    192.168.2.0/24
> eth0:192.168.2.2        172.16.0.0/24
>
> policy
> loc             net             ACCEPT
> $FW             net             ACCEPT
> $FW             loc             ACCEPT
> loc             blkv            ACCEPT
> blkv            loc             ACCEPT
> net             all             DROP            info
> all             all             DROP            info
>
> rules
> ACCEPT  net:(ng_firewall)  loc:192.168.2.2 tcp     50      -
> ACCEPT  net:(ng_firewall)  loc:192.168.2.2 udp     50      -
> ACCEPT  net:(ng_firewall)  loc:192.168.2.2 tcp     51      -
> ACCEPT  net:(ng_firewall)  loc:192.168.2.2 udp     51      -
> ACCEPT  net:(ng_firewall)  loc:192.168.2.2 tcp     500     -
> ACCEPT  net:(ng_firewall)  loc:192.168.2.2 udp     500     -
> ACCEPT  fw      net     tcp     53      -       -
> ACCEPT  fw      net     udp     53      -       -
> ACCEPT  loc:192.168.2.2 all     all     -       -
> ACCEPT  loc:192.168.2.3 all     all     -       -
>
> Tunnels
> ipsec   net     0.0.0.0/0       blkv
>
> zone
> net     Net             Internet
> loc     Local           Local networks
> blkv    blkvpn          172.16.0.0/24

blkv is a sub-zone of 'net' so it must be defined before 'net' in the zones 
file. See http://www.shorewall.net/Multiple_Zones.html

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
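As an added example (not Shorewall's own code and not part of this thread), the check below parses zones/interfaces/hosts entries like the ones Skip posted and flags a hosts-defined zone that is listed after the zone owning the whole interface it sits on, which is exactly the blkv/net ordering problem Tom points at. It assumes the three-column Shorewall 1.x zones layout (ZONE DISPLAY COMMENTS), the interfaces layout (ZONE INTERFACE BROADCAST OPTIONS) and the hosts layout (ZONE HOST(S) OPTIONS); the sample inputs are constructed copies of the posted configuration with the zones file shown both as posted and reordered.

```python
"""Added example, not Shorewall's own code: detect sub-zones listed after
their parent zone, modelled on the blkv/net case in the thread.

Assumptions (mine, not from the post): zones file is ZONE DISPLAY COMMENTS,
interfaces file is ZONE INTERFACE BROADCAST OPTIONS, hosts file is
ZONE HOST(S) OPTIONS; '#' comments and blank lines are ignored. A zone
defined in the hosts file on interface X is treated as a sub-zone of every
zone that claims all of interface X in the interfaces file.
"""


def _records(text):
    """Yield the whitespace-split fields of each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def parse_zones(text):
    """Return zone names in the order they appear in the zones file."""
    return [fields[0] for fields in _records(text)]


def parse_interfaces(text):
    """Return {interface: [zones that own the whole interface]}."""
    owners = {}
    for fields in _records(text):
        zone, iface = fields[0], fields[1]
        if zone != "-":  # '-' means the zone is assigned in the hosts file
            owners.setdefault(iface, []).append(zone)
    return owners


def parse_hosts(text):
    """Return [(zone, interface)] per hosts entry; 'eth0:(host)' -> 'eth0'."""
    entries = []
    for fields in _records(text):
        zone, hosts = fields[0], fields[1]
        entries.append((zone, hosts.split(":", 1)[0]))
    return entries


def find_ordering_errors(zones, owners, host_entries):
    """Report hosts-file zones that are listed after the zone owning their
    interface. Zones are matched in zones-file order, so a sub-zone placed
    after its parent is never reached for traffic from those hosts."""
    order = {name: i for i, name in enumerate(zones)}
    errors = []
    for sub, iface in host_entries:
        for parent in owners.get(iface, []):
            if (sub != parent and sub in order and parent in order
                    and order[sub] > order[parent]):
                errors.append(f"{sub} is a sub-zone of {parent} (both on {iface}) "
                              f"but is listed after it in the zones file")
    return errors


# Constructed inputs copied from the post; the second zones file is the
# same content with blkv moved ahead of net.
ZONES_AS_POSTED = """
net     Net             Internet
loc     Local           Local networks
blkv    blkvpn          172.16.0.0/24
"""
ZONES_FIXED = """
blkv    blkvpn          172.16.0.0/24
net     Net             Internet
loc     Local           Local networks
"""
INTERFACES = """
net     eth0    detect
loc     eth1    detect
"""
HOSTS = """
blkv    eth0:(ng_firewall)
"""


def check(zones_text):
    """Run the ordering check against the shared interfaces/hosts sample."""
    return find_ordering_errors(parse_zones(zones_text),
                                parse_interfaces(INTERFACES),
                                parse_hosts(HOSTS))


if __name__ == "__main__":
    for label, text in (("as posted", ZONES_AS_POSTED), ("fixed", ZONES_FIXED)):
        print(f"{label}: {check(text) or 'zone order OK'}")
```

Run as a script it prints one finding for the posted order and "zone order OK" for the reordered file; the parsers are deliberately minimal and only look at the first two columns, so the ipsec tunnel entry and the rules file are not needed for this particular check.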