Hi Tom,

I had read this doc prior to posting. It reads:

a) Open the firewall so that the IPSEC tunnel can be established (allow the ESP and AH protocols and UDP Port 500).

The doc then moves on to b), without giving an example.

Regards,
Simon.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Eastep
Sent: 02 April 2003 15:44
To: Simon Chalk
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering Ipsec and Shorewall rules

On Wed, 2 Apr 2003, Simon Chalk wrote:

> Hi All,
>
> I am configuring two Bering firewalls with an ipsec gateway, linking the two
> private subnets on each firewall.
>
> I have set up the ipsec configuration, but I am struggling with Shorewall. I
> realise I need to allow UDP port 500 and protocols 50,51. But I am not sure
> how to apply this in the shorewall rules. Do I need to allow rules between
> the fw zone and loc zone, or net zone to loc zone?
>

http://www.shorewall.net/IPSEC.htm

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
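
An added example, not part of the original thread or of the Shorewall documentation: one way step a) can be written as entries in `/etc/shorewall/rules`, assuming the default zone names `net` and `fw` mentioned in the question. IKE and the ESP/AH packets terminate on the firewall itself, so these entries sit between `net` and `fw`, not `loc`.

```conf
# /etc/shorewall/rules  (columns: ACTION  SOURCE  DEST  PROTO  DEST-PORT)
# Assumption: "net" is the Internet-facing zone and "fw" is the firewall itself.
# These entries only let the tunnel be negotiated and carried between the two
# gateways; they do not permit any traffic from inside the tunnel.

# IKE key exchange (UDP port 500), inbound and outbound
ACCEPT    net    fw     udp    500
ACCEPT    fw     net    udp    500

# ESP (IP protocol 50), inbound and outbound
ACCEPT    net    fw     50
ACCEPT    fw     net    50

# AH (IP protocol 51), inbound and outbound
ACCEPT    net    fw     51
ACCEPT    fw     net    51
```

To keep the exposure minimal, the `net` source can be narrowed to the peer gateway by writing it as `net:` followed by the remote gateway's public address.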