[Shorewall-users] Ipsec question
Eurico Vaz Junior
euricovaz at yahoo.com.br
Fri Aug 22 11:12:37 PDT 2003
I have the following problem: When ipsec starts, it gets the IP of my external interface, and my definitions of interfaces don't work well. All IP traffic goes out by interface ipsec0, not eth0 anymore.
My file /etc/shorewall/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect routefilter
loc eth1 detect
Then, if I put a rule in /etc/shorewall/rules saying:
ACCEPT loc net all -
it doesn't work... But if I change:
ACCEPT loc vpn all -
(vpn is the zone for ipsec0) The packets go to net using ipsec0 (zone vpn), not eth0 (zone net).
The same thing happens with masq. (/etc/shorewall/masq)
#INTERFACE SUBNET ADDRESS
This rule doesn't work, because the packages only go to net by ipsec0. Then, to work, I have to change:
What is missing? Or is it correct? Is it correct for the traffic to go to the internet using eth0 or not?
Thanks a lot.