> I had your Eiger Stein & IPSEC running great for some time now it looks like > I need Dachstein. > > Do you have an image that is setup to pass IPSEC or do I have to patch in > those modules and rules again.
You're in luck. The Dachstein kernels come pre-patched for VPN-Masquerade, so all you have to do is load the modules, and open a couple ports to get IPSec masquerading working. > Also Is my work with EigerStein to get this to work fully transprotable to > DachStein? Yes. While the firewall scripts have been updated, and extensively modified (mainly to support new DMZ features), the new scripts are extensions of the previous ones. I usually merge previous network.conf settings manually. NOTE: I typically mount my old floppy (or config disk) once I've booted a fresh Dachstein disk, and uncompress the old filesystem into /tmp, so I can copy/edit/compare files. Just "gunzip <pkg.lrp | tar -xv" in /tmp. WARNING: If you want to use the bootable CD version, it contains a kernel that supports IPSec running on the firewall...this kernel will *NOT* masquerade IPSec VPN connections (saddly, you can either masqerade IPSec, or run IPSec on the firewall, but the same kernel won't support both). If you want, I can make an ISO with a kernel that will masquerade IPSec connecctions...let me know. Final note: You don't really have to upgrade, if you don't want to. You can add some custom forwarding rules to /etc/ipfilter.conf to block the traffic filling up your logs, or merge in a few features from the newer scripts, like support for SILENT_DENY, or support for the /etc/ipchains.forward file (where you can specify your own forward rules). Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
