192.168.9 and .3 are my private, so adding the rule as you suggested is for them only,
right?

For accessing 192.168.1 (the remote ipsec private), do I have to do a similar thing,
i.e.:

$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
                                                        ^

Thank you.
---------- Original Message ----------------------------------
From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
Date:  Fri, 26 Apr 2002 08:48:41 -0500

>> I think you are probably right. I do have forward rules to allow traffic
>> between both my private 192.168.9 and 192.168.3. And those rules are
>> added by myself in /etc/ipfilter.conf (based on what you did for DMZ,
>> your DMZ is one-way, mine is 2-way). I will try to disable it asap, but
>> my question is if I can still have traffic between my private networks
>> and at the same time ipsec to remote private?
>>
>> Also I think I should use your scripts
>> /etc/ipchains.input,
>> /etc/ipchains.forward
>> /etc/ipchains.output
>>
>> for those rules rather than inventing my own (and messing up things -:()
>> but I cannot find them as examples.
>>
>> Could you help in this regard?
>>
>> And yes, I try to log protocol 50 and even 51 but nothing showed in my
>> log. Again something is wrong here too.
>
>It sounds like you probably don't have forwarding rules in place for your
>VPN traffic, so it's being denied before the packets get turned into VPN
>data.  Try adding the following to /etc/ipchains.forward:
>
>$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.3.0/24 -b
>
>The ipchains.* files are simply sourced by the firewall scripts, so you can
>add or insert ipchains rules as required.  You can also use variables and
>procedures from network.conf and ipfilter.conf (which is where $IPCH is
>defined).
>
>Charles Steinkuehler
>http://lrp.steinkuehler.net
>http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
>
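The forward rules discussed above, modelled as an added example (not code from this thread or from the LRP firewall scripts): a small Python evaluator of the forward chain that shows what `-b` adds, and which direction is denied when a subnet pair has no rule. The subnets are the ones named in the thread; a chain policy of DENY is assumed.

```python
import ipaddress

# Constructed model of ipchains' forward chain for this thread's networks:
# local private subnets 192.168.9.0/24 and 192.168.3.0/24, remote IPsec
# subnet 192.168.1.0/24. "-b" (bidirectional) makes ipchains install the
# rule twice, the second time with source and destination swapped.

def rule(src, dst, bidirectional=False, target="ACCEPT"):
    """Return the (src_net, dst_net, target) entries one ipchains -A line adds."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    entries = [(s, d, target)]
    if bidirectional:
        entries.append((d, s, target))      # the mirror rule that -b adds
    return entries

def render(src, dst, bidirectional=False, target="ACCEPT"):
    """The line as it would be written in /etc/ipchains.forward."""
    line = f"$IPCH -A forward -j {target} -s {src} -d {dst}"
    return line + " -b" if bidirectional else line

# The rule Charles suggested, plus the matching one for the remote IPsec subnet.
FORWARD_CHAIN = (
    rule("192.168.9.0/24", "192.168.3.0/24", bidirectional=True)
    + rule("192.168.9.0/24", "192.168.1.0/24", bidirectional=True)
)

def forward_verdict(chain, src_ip, dst_ip, policy="DENY"):
    """First matching rule wins; otherwise the chain policy (assumed DENY) applies."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, target in chain:
        if s in src_net and d in dst_net:
            return target
    return policy

if __name__ == "__main__":
    print(render("192.168.9.0/24", "192.168.1.0/24", bidirectional=True))
    for src, dst in [("192.168.9.10", "192.168.1.20"),   # LAN -> remote: ACCEPT
                     ("192.168.1.20", "192.168.9.10"),   # reply path: ACCEPT via -b
                     ("192.168.3.5", "192.168.1.20")]:   # .3 -> remote: DENY, no rule
        print(src, "->", dst, forward_verdict(FORWARD_CHAIN, src, dst))
```

The model ignores protocol, port and interface matches, so it only answers the subnet-pair question; whether 192.168.3 should also reach the remote subnet is a separate decision that needs its own explicit rule.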

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user