I spoke too soon... As long as all you need is to ping site to site, this is your solution!!! I can't telnet, browse windows servers using their IP address, etc.
----- Original Message -----
From: "Steve Bush" <[EMAIL PROTECTED]>
To: "Andy Worthington" <[EMAIL PROTECTED]>; "Hugh Fox" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 25, 2001 12:37 PM
Subject: Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success

> Okay I have it working correctly now.
> I can ping from internal net to internal net.....
> fyi - for the following changes to take effect, I simply went into the
> existing tunnel and resaved the configs.
>
> I backed out the following changes that I had previously made:
> > In 30Connections
> > put a hash in front of every line similar to this
> > $result .= "\trightfirewall=$remoteNAT\n";
> >
> > in 40LocalAttributes
> > put a hash in front of every line similar to this
> > $result .= "\tleftfirewall=yes\n\n";
>
> Then I modified the /usr/lib/ipsec/_updown with the following changes:
> ---Notice the two remarked lines in each paragraph with ipfwadm are replaced
> by the two lines following:
>
> up-client:ipfwadm)
>         # connection to client subnet, with (left/right)firewall=yes, coming up
>         # This is used only by the default updown script, not by your custom
>         # ones, so do not mess with it; see CAUTION comment up at top.
>         # ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
>         #       -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>         ipchains -I forward 1 -j ACCEPT -b -p all -s $PLUTO_MY_CLIENT_NET/$PLUT$
>                 -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>         ;;
>
> down-client:ipfwadm)
>         # connection to client subnet, with (left/right)firewall=yes, going down
>         # This is used only by the default updown script, not by your custom
>         # ones, so do not mess with it; see CAUTION comment up at top.
>         # ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
>         #       -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>         /sbin/ipchains -D forward -j ACCEPT -b -p all -s $PLUTO_MY_CLIENT_NET/$$
>                 -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>         ;;
>
> --
> Please report bugs to [EMAIL PROTECTED]
> Please mail [EMAIL PROTECTED] (only) to discuss security issues
> Support for registered customers and partners to [EMAIL PROTECTED]
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
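
Added example, not part of the thread and not FreeS/WAN's own _updown code: a dry-run shell version of the modified up-client/down-client branches quoted above. It builds the ipchains rule spec once, so the delete on tunnel-down matches the insert on tunnel-up, and it rejects PLUTO_* values that are not dotted quads. The helper names and sample subnets are assumptions; the PLUTO_* names are those in the quoted excerpt.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical;
# PLUTO_* variable names are the ones in the quoted _updown excerpt.

# Accept only a dotted quad whose four octets are each 0-255.
is_dotted_quad() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# One rule spec shared by insert and delete, so "ipchains -D" removes
# exactly the rule that "ipchains -I" added for this tunnel.
forward_rule_spec() {
    for v in "$PLUTO_MY_CLIENT_NET" "$PLUTO_MY_CLIENT_MASK" \
             "$PLUTO_PEER_CLIENT_NET" "$PLUTO_PEER_CLIENT_MASK"; do
        is_dotted_quad "$v" || return 1
    done
    printf '%s %s' \
        "-j ACCEPT -b -p all -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK" \
        "-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK"
}

# Print, rather than run, the command for the given verb.
updown_cmd() {
    spec=$(forward_rule_spec) || { echo "bad PLUTO_* value" >&2; return 1; }
    case "$1" in
        up-client)   echo "/sbin/ipchains -I forward 1 $spec" ;;
        down-client) echo "/sbin/ipchains -D forward $spec" ;;
        *)           echo "unhandled verb: $1" >&2; return 1 ;;
    esac
}

# Constructed sample subnets for a stand-alone run.
PLUTO_MY_CLIENT_NET=192.168.1.0
PLUTO_MY_CLIENT_MASK=255.255.255.0
PLUTO_PEER_CLIENT_NET=192.168.2.0
PLUTO_PEER_CLIENT_MASK=255.255.255.0
updown_cmd up-client
updown_cmd down-client
```

If the delete spec differs from the insert spec in any field, ipchains -D finds no matching rule and the bidirectional ACCEPT between the two subnets stays in the forward chain after the tunnel is gone.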