Re: [leaf-user] IPSec VPN loses connection - not stable

2002-07-25 Thread Dragon Wood
No, I don't think any of the shorewall messages at around that time are related. --On Thursday, July 25, 2002 11:05:24 -0700 Dragon Wood <[EMAIL PROTECTED]> wrote: > > initiating Quick > Mode RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to > replace #290 > > Any

[leaf-user] IPSec VPN loses connection - not stable

2002-07-25 Thread Dragon Wood
I've searched the archives but didn't see anything on this one. I have an IPSec VPN tunnel between two Bering boxes (rc2) running FreeS/WAN. Everything is working almost perfectly except that the VPN disconnects intermittently, sometimes as often as once every 1/2 hr or so. In the IPSec log, I see

[leaf-user] ssh Ctrl-C behavior

2002-06-27 Thread Dragon Wood
I apologize if this is a little unrelated, but one of my bering boxes behaves differently from my other bering boxes in a ssh session. The ssh session simply disconnects when I press ctrl-c at the # prompt. This does not happen on the other boxes. I am using the same client (putty) to access these

Re: [leaf-user] VPN Tunnel Problem

2002-06-23 Thread Dragon Wood
e responses. > > tcpdump would show you all packets on the 172.16.100 > lan. > > If you accessed a Web Server via VPN, you are > routing well. > > Looks like you need to get out the old toolbox. > > > > > > > > Dragon Wood <[EMAIL PRO

Re: [leaf-user] VPN Tunnel Problem

2002-06-21 Thread Dragon Wood
> > However, as Tom Eastep just pointed out, you are now > NATing > EVERYTHING on the inside of Bering. > You should consider NAT only those packets of source > net > from VPN clients. That is if you have a reasonable > no. of VPN > subnets which you are serving. > > >

Re: [leaf-user] VPN Tunnel Problem

2002-06-21 Thread Dragon Wood
Thanks Tom. That's a much cleaner and easier to maintain way. I restricted the SNAT to the subnet of the VPN client network as suggested. Works great. --- Tom Eastep <[EMAIL PROTECTED]> wrote: > On Fri, 21 Jun 2002, Dragon Wood wrote: > > > Yes it worked! Than

Re: [leaf-user] VPN Tunnel Problem

2002-06-21 Thread Dragon Wood
Yes it worked! Thank you very much Phillip. By the way, I put the suggested iptables command in /etc/shorewall/start like so: run_iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 172.16.100.1 Does anyone know if that is the best way to do so in Shorewall or is there a better way to do

[leaf-user] Is there a way to auto email log files

2002-05-16 Thread Dragon Wood
I am using bering rc2. The /var/log directory gets filled up quickly. How can I set it up such that the files get automatically forwarded to an email address and deleted when gets to a certain size?

Re: [leaf-user] Bering and MAC match support

2002-05-14 Thread Dragon Wood
Thank you very much for the reply. I will try that. --- Eric Wolzak <[EMAIL PROTECTED]> wrote: > Hello Dragon > > > I am using Bering with Shorewall 1.2.12. I can't > seem > > to use a rule to filter by MAC address. Does the > > Bering kernel include CONFIG_IP_NF_MATCH_MAC > support? Thanks. > >

[leaf-user] Bering and MAC match support

2002-05-14 Thread Dragon Wood
I am using Bering with Shorewall 1.2.12. I can't seem to use a rule to filter by MAC address. Does the Bering kernel include CONFIG_IP_NF_MATCH_MAC support? Thanks.