-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tibbs, Richard wrote:
> Doesn't work.
> Shorewall goes down with a message that does not make sense:
> same thing "not defined in zones ..."
Please also provide:
The exact error message, and at least a few lines of context prior to
the message.
The version of shorewall you're running.
The contents of your rules file.
Thanks!
> But
> /etc/shorewall/interfaces
> net eth0
> loc eth1
> vpn1 ipsec+
> vpn2 tun+
>
> /etc/shorewall/zones
> vpn1 ipv4
> vpn2 ipv4
> fw firewall
> net ipv4
> lod ipv4
^
...is "lod" supposed to be "loc"? If so, is this typo in the e-mail, or
in your zones file?
> /etc/shorewall/policy
> vpn1 all ACCEPT
> vpn2 all ACCEPT
> all vpn1 ACCEPT
> all vpn2 ACCEPT
>
> What is disturbing is in lrcfg I find no tunnels file.
Is there a tunnels file in /etc/shorewall? I'm not running bering, so I
can't comment on the appearance (or not) of a tunnels file, but you
probably want one setup if you're running IPSec:
http://www.shorewall.net/3.0/manpages/shorewall-tunnels.html
http://www.shorewall.net/VPNBasics.html
Warning: My current experience with shorewall and IPSec is with 2.6
series kernels (which handle IPSec in a completely different manner than
the 2.4 series), and with the firewall as an endpoint. Any advice I
offer may or may not work and/or actually be useful. :)
- --
Charles Steinkuehler
[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHGSjrLywbqEHdNFwRAuhBAKDgSx/BKSnsqZp9rh+sXNCJ4D0eNgCg5khJ
Jj5t9B3IX44A9TeQKo3oH5o=
=1Zxc
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
