Thank you very, very much, Charles. I could ping the other private
machines, and I am asking them to ping me and use a couple of services on
my private server for a thorough test. I hope it will be fine.

The next step for me is to set up for the Road Warrior. I have 2
questions:

1. Do you know of any free client for Windows which works with
Free/SWAN?
2. I guess that regardless of which client, I have to create some forward
rule to the one you advised me below. So it would be

IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 0/0 -b

Correct?

Thanks again.



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler
Sent: Friday, April 26, 2002 8:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help

> 192.168.9 and .3 are my private, so adding the rule as you suggested is
> for them only, right.
>
> For accessing 192.168.1 (the remote ipsec private), do I have to do the
> similar thing, i.e.:
>
> $IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b

Oops!  If the 192.168.9 and .3 networks are on the same system, the rule I
listed will allow them to talk to each other, but not to the remote end of
the VPN (which is *NOT* what you want).  In your case, you'll need two
rules:

$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
$IPCH -A forward -j ACCEPT -s 192.168.3.0/24 -d 192.168.1.0/24 -b

NOTE:  These rules will need to be in place on *BOTH* VPN gateway systems.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
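
Added example, not part of the original thread: a small Python model of which source/destination pairs the forward rules quoted above match, including the reversed match that `-b` adds. It models only `-s`, `-d`, `-j` and `-b`, assumes the forward chain's policy is DENY, and the host addresses in `FLOWS` are constructed samples.

```python
import ipaddress

def net(spec):
    # The thread writes "anywhere" as 0/0; ipaddress wants the dotted form.
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec)

def parse_rule(line):
    """Expand one '-A forward' line into (target, src_net, dst_net) matchers."""
    tok = line.split()
    if tok[1:3] != ["-A", "forward"]:
        raise ValueError("not a forward-chain append: " + line)
    opt = {"-j": None, "-s": "0/0", "-d": "0/0"}
    for flag in opt:
        if flag in tok:
            opt[flag] = tok[tok.index(flag) + 1]
    src, dst = net(opt["-s"]), net(opt["-d"])
    matchers = [(opt["-j"], src, dst)]
    if "-b" in tok:  # -b also matches with source and destination swapped
        matchers.append((opt["-j"], dst, src))
    return matchers

def forwarded(rules, src, dst):
    """True if the first rule matching src -> dst has target ACCEPT."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in rules:
        for target, src_net, dst_net in parse_rule(line):
            if s in src_net and d in dst_net:
                return target == "ACCEPT"
    return False  # assumption: forward chain policy is DENY

# The two gateway rules from the reply, and the rule proposed for the Road Warrior.
GATEWAY_RULES = [
    "$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b",
    "$IPCH -A forward -j ACCEPT -s 192.168.3.0/24 -d 192.168.1.0/24 -b",
]
ROAD_WARRIOR_RULE = ["IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 0/0 -b"]

# Constructed sample hosts: one per subnet, plus a documentation-range address.
FLOWS = [("192.168.9.10", "192.168.1.5"), ("192.168.1.5", "192.168.3.7"),
         ("192.168.9.10", "192.168.3.7"), ("203.0.113.7", "192.168.9.10")]

if __name__ == "__main__":
    for name, rules in (("gateway", GATEWAY_RULES), ("road warrior", ROAD_WARRIOR_RULE)):
        for src, dst in FLOWS:
            verdict = "ACCEPT" if forwarded(rules, src, dst) else "no match"
            print(f"{name:12} {src:>13} -> {dst:<13} {verdict}")
```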
