[Shorewall-users] Need help with IPSEC, net view and shorewall

Alois Schneider alois@sillian.com
Fri, 05 Apr 2002 23:25:32 +0200

--On Friday, 5 April 2002 12:55 -0800 Tom Eastep <teastep@shorewall.net> 

> On Fri, 5 Apr 2002, Alois Schneider wrote:
>> > You need UDP port 500 and protocols 51 and 51 open to this user's
>> > system. After a period of inactivity, either end of a VPN tunnel can
>> > suddenly become active; if iptables connection tracking has timed out
>> > the connection and the remote end is the first to speak, you will see
>> > problems like you describe.
>> Where do I have to open UDP port 500 and protocols 51?
> In the rules file.

I have the following configuration:

net     eth0     x.x.x.x     norfc1918
loc     tr0                  routestopped
dmz     eth1                 routestopped
loc     ipsec0

net     Net       Internet
loc     Local     Local Networks
dmz     DMZ       Demilitarized zone

are these rules correct?
ACCEPT    loc    net    udp    500
ACCEPT    loc    net    51

or do I need the rules the other way round?

Thank you for your help,
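As an added example (not part of this thread and not Shorewall's own code): a small Python checker that parses a rules-file fragment in the ACTION SOURCE DEST PROTO DEST PORT layout used above and reports which IPsec entries are still missing between two zones, in both directions. IKE negotiates over UDP port 500; the tunnelled traffic is ESP, IP protocol 50, and AH is IP protocol 51. Because either end of the tunnel may be the first to send once connection tracking has expired, the checker requires the net to loc entries as well as the loc to net ones. The parser, the `missing_ipsec_rules` function and the two rules fragments are constructed for this example and are not from the original post.

```python
"""Check a Shorewall rules fragment for the traffic an IPsec peer needs.

Added example, not part of the original thread or of Shorewall itself.
IPsec needs IKE on UDP 500 plus the ESP (IP protocol 50) and AH (IP
protocol 51) payloads.  Because either end of a tunnel may speak first
after connection tracking has expired, both directions between the two
zones must be accepted explicitly.
"""

# IPsec traffic that must be accepted in each direction: (proto, dest port).
IPSEC_TRAFFIC = (("udp", "500"), ("50", None), ("51", None))

# The PROTO column may carry a protocol name from /etc/protocols instead of
# a number; map the two names we care about to their numbers.
PROTO_ALIASES = {"esp": "50", "ah": "51"}


def parse_rules(text):
    """Parse ACTION SOURCE DEST PROTO [DEST PORT] lines of a rules file.

    Returns a list of (action, src_zone, dst_zone, proto, dport) tuples.
    Host qualifiers such as loc:192.168.1.5 are reduced to the zone name,
    comments and blank lines are skipped, and '-' means "any port".
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        cols = line.split()
        if len(cols) < 4:
            continue  # not a complete rule line
        action, src, dst, proto = cols[:4]
        dport = cols[4] if len(cols) > 4 and cols[4] != "-" else None
        proto = proto.lower()
        proto = PROTO_ALIASES.get(proto, proto)
        rules.append((action.upper(), src.split(":")[0],
                      dst.split(":")[0], proto, dport))
    return rules


def accepts(rules, src, dst, proto, dport):
    """True if some ACCEPT rule covers src -> dst for proto/dport."""
    for action, rsrc, rdst, rproto, rport in rules:
        if action != "ACCEPT" or rsrc != src or rdst != dst:
            continue
        if rproto not in ("all", proto):
            continue
        # A rule without a port column, or a comma list containing the
        # port, matches; protocols 50/51 have no ports at all.
        if dport is None or rport is None or dport in rport.split(","):
            return True
    return False


def missing_ipsec_rules(text, zone_a, zone_b):
    """Return the (src, dst, proto, dport) entries still needed for IPsec
    between zone_a and zone_b, checking both directions."""
    rules = parse_rules(text)
    missing = []
    for src, dst in ((zone_a, zone_b), (zone_b, zone_a)):
        for proto, dport in IPSEC_TRAFFIC:
            if not accepts(rules, src, dst, proto, dport):
                missing.append((src, dst, proto, dport))
    return missing


# Constructed sample: the two rules from the post, as a rules fragment.
POSTED_RULES = """\
#ACTION   SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT    loc     net     udp     500
ACCEPT    loc     net     51
"""

# Constructed sample: the full set of entries, both directions.
COMPLETE_RULES = """\
#ACTION   SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT    loc     net     udp     500
ACCEPT    loc     net     50
ACCEPT    loc     net     51
ACCEPT    net     loc     udp     500
ACCEPT    net     loc     50
ACCEPT    net     loc     51
"""

if __name__ == "__main__":
    for name, text in (("posted", POSTED_RULES), ("complete", COMPLETE_RULES)):
        gaps = missing_ipsec_rules(text, "loc", "net")
        status = "ok" if not gaps else "missing " + ", ".join(map(str, gaps))
        print(f"{name}: {status}")
```

Run against the fragment from the post, the checker reports four gaps: protocol 50 in the loc to net direction and all three entries in the net to loc direction. The complete fragment reports none.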