Okay...The _updown script that I have works correctly. My problem is a feature of SME 4.1.2 and 5.0. This may need to be modified for corporate WAN users. When you add a local network whose default route is on the local ethernet, the connection is being masq'd for 0.0.0.0/0 only and needs to have an ipchains rule that forwards the primary net to the local net. I added an ipchains rule ie: ipchains -I forward -j ACCEPT -b -s <Int.Net> -d <local net> and it seemed to solve my problem.
----- Original Message ----- From: "Steve Bush" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, November 01, 2001 11:16 AM Subject: Re: [e-smith-devinfo] FreeS/WAN _updown > Hmmm...I guess my level of enthusiasm was a BIT LOW on that one..... > It was tempered by the fact that my source address was showing up being > masq'd. > > I will attempt to rewrite the _updown script to correctly forward. > Here is a link that I found that gives troubleshooting information on the > subject. > http://master-www.linuxrouter.org:8080/listarch/linux-router/2000-12-01/msg0 > 0516.html > > Thanks to all for the help in getting this thing working > > !!!! HOLY COW IT WORKED !!!! YEEEHAAAA !!!! > !!!! What a GREAT JOB !!!! THIS IS AWESOME !!!! > > > ----- Original Message ----- > From: "Darrell May" <[EMAIL PROTECTED]> > To: "Steve Bush" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Wednesday, October 31, 2001 4:02 PM > Subject: Re: [e-smith-devinfo] FreeS/WAN _updown > > > > > > Steve Bush <[EMAIL PROTECTED]> said: > > > > > Well that worked. > > > > What no... !!!!_WOW_THAT_WORKED_!!!! ;-> > > > > > Freeswan is tunnelling the packets because both of the networks use > > > 10.x.x.x addresses. > > > > Try setting one network as 192.168.1.x. > > > > Steve, thanks for all your work on this. If you could, at some point > > gather all your notes, and either you/I/both need to complete a HowTo > > detailing all the steps required. I know the _updown script in the rpm > > needs replacing. Let me know if you found anything else that needs > > changing or if that on script was it. > > > > Regards, > > > > -- > > Darrell May > > DMC Netsourced.com > > http://netsourced.com > > http://myEZserver.com > > > > > > > -- > Please report bugs to [EMAIL PROTECTED] > Please mail [EMAIL PROTECTED] (only) to discuss security issues > Support for registered customers and partners to [EMAIL PROTECTED] > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org > > -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
