[Shorewall-users] Ipsec question

Eurico Vaz Junior euricovaz at yahoo.com.br
Fri Aug 22 11:12:37 PDT 2003


Hi all,
 
I have the following problem: When ipsec starts, it gets the IP of my external interface, and my interface definitions don't work well. All IP traffic goes out by interface ipsec0, not eth0 anymore.
 
My file /etc/shorewall/interfaces:
 
#ZONE    INTERFACE      BROADCAST       OPTIONS
net     eth0            detect          routefilter
loc     eth1            detect
vpn     ipsec0


 
Then, if I put a rule in /etc/shorewall/rules saying:
 
ACCEPT     loc      net    all    - 
 
it doesn't work... But if I change it to:
 
ACCEPT   loc       vpn     all     -
 
(vpn is the zone for ipsec0) the packets go to net using ipsec0 (zone vpn), not eth0 (zone net).
 
The same thing happens with masq (/etc/shorewall/masq):
 
#INTERFACE              SUBNET          ADDRESS
eth0                            eth1

 
This rule doesn't work, because the packets only go to net by ipsec0. Then, to make it work, I have to change it to:
 
ipsec0                        eth1

 
What is missing? Or is it correct? Is it correct for the traffic to go to the internet using eth0 or not?
 
Thanks a lot.
 



