On Wed, 1 May 2002, Eric B Kiser wrote:

> Since installing Bering 1.0-rc1 the only thing that I have changed in my
> shorewall config is adding the lines below. My understanding is that this is
> not static since it is my single publicly routable address on one side and I
> have three workstations using 192.168.1.x on the other side. Is static NAT
> the same as a 1:1 mapping?

Yes -- in that case, I doubt that the rules that you posted have any effect.

Most people using IPSEC have found that they also need incoming rules that forward UDP 500 and protocol 50 to the endpoint (as I recommended in a previous post). Without such rules, the tunnel will eventually die during a re-keying attempt.

Look at the output of "shorewall show net2loc" -- I'm betting that the packet counts for those rules are zero.

-Tom

--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]
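The two incoming rules Tom refers to, written out in /etc/shorewall/rules syntax as an added illustration (not part of the original thread). The zone names net/loc and the endpoint address 192.168.1.10 are assumptions; substitute the IPsec endpoint on your own 192.168.1.x network.

```text
# /etc/shorewall/rules -- assumed column layout; 192.168.1.10 is an assumed IPsec endpoint
#ACTION   SOURCE   DEST                PROTO   DEST PORT(S)
# IKE/ISAKMP negotiation and re-keying arrive on UDP 500
DNAT      net      loc:192.168.1.10    udp     500
# ESP (IP protocol 50) carries the tunnel traffic itself
DNAT      net      loc:192.168.1.10    50
```

After restarting Shorewall, "shorewall show net2loc" should report non-zero packet counts on these two rules once the tunnel negotiates; if they stay at zero during a re-key, the inbound traffic is not reaching the endpoint.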
