[Shorewall-users] Need help with IPSEC, net view and shorewall
Fri, 5 Apr 2002 13:56:23 -0800 (Pacific Standard Time)
On Fri, 5 Apr 2002, Alois Schneider wrote:
> --On Friday, 5 April 2002 12:55 -0800 Tom Eastep <email@example.com>
> > On Fri, 5 Apr 2002, Alois Schneider wrote:
> >> > You need UDP port 500 and protocols 51 and 51 open to this user's
> >> > system. After a period of inactivity, either end of a VPN tunnel can
> >> > suddenly become active; if iptables connection tracking has timed out
> >> > the connection and the remote end is the first to speak, you will see
> >> > problems like you describe.
> >> Where do I have to open UDP port 500 and protocols 51?
> > In the rules file.
> I have the following configuration:
> #ZONE INTERFACE BROADCAST OPTIONS
> net eth0 x.x.x.x norfc1918
> loc tr0 192.168.1.255 routestopped
> dmz eth1 192.168.10.255 routestopped
> loc ipsec0
> net Net Internet
> loc Local Local Networks
> dmz DMZ Demilitarized zone
> are these rules correct?
> ACCEPT loc net udp 500
> ACCEPT loc net 51
> or do I need the rules the other way round?
Assuming that your loc->net policy is ACCEPT, you need the rules the other
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
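The point of the reply above is that a VPN tunnel can be re-opened from either side, so a rule in only one direction leaves the remote end's first packet to be dropped once connection tracking has forgotten the flow. The script below is an added example, not code from the thread or from the Shorewall project: it embeds a constructed Shorewall-style rules file (columns ACTION SOURCE DEST PROTO DEST PORT, as in the poster's lines) and checks that IKE (UDP 500), ESP (IP protocol 50) and AH (IP protocol 51) are accepted in both directions between two zones. The zone names loc/net and the file path are assumptions; the protocol numbers 50 and 51 are the standard IANA assignments for ESP and AH.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): check a Shorewall-style
# rules file for the IPsec entries a tunnel endpoint needs in BOTH directions.
# Assumptions: zones "loc" and "net", one rule per line, columns
#   ACTION SOURCE DEST PROTO DEST_PORT
# The rules file below is constructed for the example.

RULES=${RULES:-${TMPDIR:-/tmp}/shorewall-rules-example}

# Constructed sample: the poster's loc->net lines plus the net->loc mirror.
cat > "$RULES" <<'EOF'
#ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT  loc    net  udp   500
ACCEPT  loc    net  50
ACCEPT  loc    net  51
ACCEPT  net    loc  udp   500
ACCEPT  net    loc  50
ACCEPT  net    loc  51
EOF

# has_rule FILE SRC DST PROTO [PORT]
# Returns 0 if an ACCEPT line with those columns exists, 1 otherwise.
# Comment lines and blank lines are skipped; PORT is optional because
# ESP/AH rules carry no port column.
has_rule() {
    awk -v s="$2" -v d="$3" -v p="$4" -v port="${5:-}" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "ACCEPT" && $2 == s && $3 == d && $4 == p &&
            (port == "" || $5 == port) { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# ipsec_ok FILE ZONE_A ZONE_B
# Returns 0 only when IKE, ESP and AH are accepted A->B and B->A;
# prints each missing rule so the operator knows what to add.
ipsec_ok() {
    f=$1; a=$2; b=$3; rc=0
    for pair in "$a $b" "$b $a"; do
        set -- $pair
        has_rule "$f" "$1" "$2" udp 500 || { echo "missing: ACCEPT $1 $2 udp 500"; rc=1; }
        has_rule "$f" "$1" "$2" 50      || { echo "missing: ACCEPT $1 $2 50"; rc=1; }
        has_rule "$f" "$1" "$2" 51      || { echo "missing: ACCEPT $1 $2 51"; rc=1; }
    done
    return $rc
}

# Usage: exit status 0 when the sample file is complete.
ipsec_ok "$RULES" loc net && echo "IPsec rules present in both directions"
```

Run it against a real rules file with `RULES=/etc/shorewall/rules sh check.sh loc net`-style substitution of the path; a one-directional file (only the poster's three loc->net lines) makes `ipsec_ok` list the three missing net->loc rules and return non-zero, which is exactly the gap that shows up as a tunnel that works only when the local side speaks first.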