> 192.168.9 and .3 are my private, so adding the rule as you suggested is for them only, right?
>
> For accessing 192.168.1 (the remote ipsec private), do I have to do a similar thing, i.e.:
>
>     $IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
Oops! If the 192.168.9 and .3 networks are on the same system, the rule I listed will allow them to talk to each other, but not to the remote end of the VPN (which is *NOT* what you want). In your case, you'll need two rules:

    $IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
    $IPCH -A forward -j ACCEPT -s 192.168.3.0/24 -d 192.168.1.0/24 -b

NOTE: These rules will need to be in place on *BOTH* VPN gateway systems.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
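To see why the original single rule is not enough and what the two `-b` rules add, here is a small Python model of an ipchains `forward` chain (first match wins, `-b` matches both directions), added as an illustration and not part of the thread. The DENY chain policy, the sample host addresses and the `vpn_path_allowed` helper are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One ipchains forward rule: -s SRC -d DST [-b] -j TARGET."""
    src: str
    dst: str
    target: str = "ACCEPT"
    bidirectional: bool = False  # the ipchains -b flag

    def matches(self, s, d):
        src_net = ipaddress.ip_network(self.src)
        dst_net = ipaddress.ip_network(self.dst)
        if s in src_net and d in dst_net:
            return True
        # -b also matches the reverse direction (reply traffic)
        return self.bidirectional and d in src_net and s in dst_net


def forward_verdict(chain, src_ip, dst_ip, policy="DENY"):
    """First matching rule wins, as in ipchains; otherwise the chain policy applies.
    A DENY default policy is assumed here."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in chain:
        if rule.matches(s, d):
            return rule.target
    return policy


# Constructed chains: the first rule from the thread alone, then with the two VPN rules.
LOCAL_ONLY = [Rule("192.168.9.0/24", "192.168.3.0/24", bidirectional=True)]
WITH_VPN = LOCAL_ONLY + [
    Rule("192.168.9.0/24", "192.168.1.0/24", bidirectional=True),
    Rule("192.168.3.0/24", "192.168.1.0/24", bidirectional=True),
]


def vpn_path_allowed(gateway_chains, src_ip, dst_ip):
    """Traffic crosses the tunnel only if every gateway's forward chain accepts it,
    which is why the rules must exist on both VPN gateways."""
    return all(forward_verdict(c, src_ip, dst_ip) == "ACCEPT" for c in gateway_chains)
```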