Maybe it will help anyone else. I've had problems with using the dachstein image with ipsec that's on http://lrp.steinkuehler.net/contrib_disk_images.htm

Problem

The situation where it failed was on creating a firewall that would access the internet with NAT (aka masquerading) and another network through IPsec (non masqueraded). I wanted to use the configuration IPFILTER_SWITCH=firewall with the IPsec tunnel. It wouldn't work. From the logs on both firewalls the tunnel was created but no traffic went through.

Solution

I checked the rules and, after a lot of tweaking, I discovered that I needed to add rules to ipchains to allow forwarding between the subnets behind the firewalls. In my specific case the networks were: 192.168.0.0/16 and 192.168.31.0/24. So I created the file /etc/ipchains.forward with the following content:

    ipchains -I forward 2 -s 192.168.0.0/16 -d 192.168.31.0/24 -j ACCEPT
    ipchains -I forward 3 -s 192.168.31.0/24 -d 192.168.0.0/16 -j ACCEPT

Well, this is just in case it can be useful for anyone else. I have no idea how to do it, but should this be integrated on the image configuration?

--
João Miguel Neves