I applied the changes and the errors went away. It looks like the default _updown firewall script included with freeswan use ipfwadm. There is a sample ipchains script that can be called instead.
----- Original Message ----- From: "Andy Worthington" <[EMAIL PROTECTED]> To: "Hugh Fox" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, October 25, 2001 11:04 AM Subject: Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success > Did that fix the errors you were getting in your log file? > > Andy Worthington > ----- Original Message ----- > From: "Hugh Fox" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, October 25, 2001 8:30 AM > Subject: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success > > > > Based on the feedback earlier today regarding problems with ipchains, etc, > I > > made some amendments to some ipsec.conf templates: > > > > In /etc/e-smith/templates/etc/ipsec.conf > > > > In 30Connections > > put a hash in front of every line similar to this > > $result .= "\trightfirewall=$remoteNAT\n"; > > > > in 40LocalAttributes > > put a hash in front of every line similar to this > > $result .= "\tleftfirewall=yes\n\n"; > > > > Now: > > [root@sme2 ipsec.conf]# ipsec eroute > > 192.168.1.0/24 -> 192.168.0.0/24 => [EMAIL PROTECTED] > > 192.168.1.0/24 -> 203.132.1.2/32 => [EMAIL PROTECTED] > > 203.132.2.2/32 -> 192.168.0.0/24 => [EMAIL PROTECTED] > > 203.132.2.2/32 -> 203.132.1.2/32 => [EMAIL PROTECTED] > > [root@sme2 ipsec.conf]# > > > > I can ping from one LAN all the way to the internal IP of the SME at the > > other end of the tunnel, but I cannot yet ping from a machine in one lan > to > > a machine in the other. > > > > Hope this helps (at least a little bit) > > > > Hugh > > > > > > -- > > Please report bugs to [EMAIL PROTECTED] > > Please mail [EMAIL PROTECTED] (only) to discuss security issues > > Support for registered customers and partners to [EMAIL PROTECTED] > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > Archives by mail and > http://www.mail-archive.com/devinfo%40lists.e-smith.org > > > > > -- > Please report bugs to [EMAIL PROTECTED] > Please mail [EMAIL PROTECTED] (only) to discuss security issues > Support for registered customers and partners to [EMAIL PROTECTED] > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org > > -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
