Maybe it will help someone else.

I've had problems with using the dachstein image with ipsec that's on
http://lrp.steinkuehler.net/contrib_disk_images.htm

Problem

The situation where it failed was on creating a firewall that would
access the internet with NAT (aka masquerading) and another network
through IPsec (non-masqueraded). I wanted to use the configuration
IPFILTER_SWITCH=firewall with the IPsec tunnel. It wouldn't work.
From the logs on both firewalls the tunnel was created but no traffic
went through.

Solution

I checked the rules and, after a lot of tweaking, I discovered that I
needed to add rules to ipchains to allow forwarding between the subnets
behind the firewalls. In my specific case the networks were:
192.168.0.0/16 and 192.168.31.0/24. So I created the file
/etc/ipchains.forward with the following content:

ipchains -I forward 2 -s 192.168.0.0/16 -d 192.168.31.0/24 -j ACCEPT
ipchains -I forward 3 -s 192.168.31.0/24 -d 192.168.0.0/16 -j ACCEPT

Well, this is just in case it can be useful for anyone else. I have no
idea how to do it, but should this be integrated into the image
configuration?

-- 
                                                João Miguel Neves
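
An added example (not part of the original post, and not the Dachstein rule set): a first-match model of the forward chain, showing how the two posted ACCEPT rules change the verdict for tunnel traffic when they sit ahead of a masquerade rule. The base chain, the DENY policy and the choice of 192.168.31.0/24 as the local LAN are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed forward chain (NOT the real Dachstein rule set): one unrelated
# rule, then a masquerade rule for the assumed local LAN, with a DENY policy.
POLICY = "DENY"
BASE_CHAIN = [
    ("0.0.0.0/0", "224.0.0.0/4", "DENY"),
    ("192.168.31.0/24", "0.0.0.0/0", "MASQ"),
]

# The two lines from /etc/ipchains.forward in the post.
POSTED_RULES = """\
ipchains -I forward 2 -s 192.168.0.0/16 -d 192.168.31.0/24 -j ACCEPT
ipchains -I forward 3 -s 192.168.31.0/24 -d 192.168.0.0/16 -j ACCEPT
"""

def apply_inserts(chain, commands):
    """Apply 'ipchains -I forward N -s SRC -d DST -j TARGET' lines to a copy."""
    chain = list(chain)
    for line in commands.splitlines():
        argv = shlex.split(line)
        if not argv:
            continue
        if argv[:3] != ["ipchains", "-I", "forward"]:
            raise ValueError(f"unsupported command: {line!r}")
        position = int(argv[3])
        opts = dict(zip(argv[4::2], argv[5::2]))
        # -I N makes the new rule number N (1-based); later rules shift down.
        chain.insert(position - 1, (opts["-s"], opts["-d"], opts["-j"]))
    return chain

def verdict(chain, src, dst):
    """Return the target of the first rule matching src/dst, else the policy."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, target in chain:
        if (src_ip in ipaddress.ip_network(rule_src)
                and dst_ip in ipaddress.ip_network(rule_dst)):
            return target
    return POLICY

if __name__ == "__main__":
    fixed = apply_inserts(BASE_CHAIN, POSTED_RULES)
    # Constructed sample packets: both tunnel directions, then Internet-bound.
    for src, dst in [("192.168.31.10", "192.168.1.20"),
                     ("192.168.1.20", "192.168.31.10"),
                     ("192.168.31.10", "203.0.113.5")]:
        print(src, "->", dst, ":", verdict(BASE_CHAIN, src, dst),
              "=>", verdict(fixed, src, dst))
```

In this model, Internet-bound traffic still reaches the masquerade rule after the inserts, because the ACCEPT rules match only the subnet-to-subnet pairs.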
