Re: [leaf-user] UDP:500

Fri, 19 Oct 2007 15:00:16 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tibbs, Richard wrote:
> Doesn't work.
> Shorewall goes down with a message that does not make sense:
> same thing "not defined in zones ..."

Please also provide:

The exact error message, and at least a few lines of context prior to
the message.

The version of shorewall you're running.

The contents of your rules file.

Thanks!

> But
> /etc/shorewall/interfaces
> net   eth0
> loc   eth1
> vpn1  ipsec+
> vpn2  tun+
> 
> /etc/shorewall/zones
> vpn1  ipv4
> vpn2  ipv4
> fw    firewall
> net   ipv4
> lod   ipv4
    ^

...is "lod" supposed to be "loc"?  If so, is this typo in the e-mail, or
in your zones file?

> /etc/shorewall/policy
> vpn1  all     ACCEPT
> vpn2  all     ACCEPT
> all   vpn1    ACCEPT
> all   vpn2    ACCEPT
> 
> What is disturbing is in lrcfg I find no tunnels file.

Is there a tunnels file in /etc/shorewall?  I'm not running bering, so I
can't comment on the appearance (or not) of a tunnels file, but you
probably want one setup if you're running IPSec:

  http://www.shorewall.net/3.0/manpages/shorewall-tunnels.html
  http://www.shorewall.net/VPNBasics.html

Warning:  My current experience with shorewall and IPSec is with 2.6
series kernels (which handle IPSec in a completely different manner than
the 2.4 series), and with the firewall as an endpoint.  Any advice I
offer may or may not work and/or actually be useful. :)

- --
Charles Steinkuehler
[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHGSjrLywbqEHdNFwRAuhBAKDgSx/BKSnsqZp9rh+sXNCJ4D0eNgCg5khJ
Jj5t9B3IX44A9TeQKo3oH5o=
=1Zxc
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Reply via email to