Re: [Shorewall-users] Routing on IPSec Gateways

2006-11-01 Thread Jan van der Vyver
Cyber Dog wrote: > The only problem I > have is for some reason it feels like a sloppy solution to be manually > adding routes outside of shorewall, which basically controls the rest > of the routing/natting/vpn/etc for the machine. Is there a way to add > this vpn route within Shorewall, or is

Re: [Shorewall-users] Routing on IPSec Gateways

2006-11-01 Thread Tom Eastep
Jan van der Vyver wrote: > > Have you played around ping -I > > I suspect that when you ping from your firewall the src ip for that ping is > not in the subnet that you allow in your ipsec conf. > > Example: > > If your FW local ip on the lan is 192.168.10.10 > > Then > > Ping -I 192.168.10

Re: [Shorewall-users] Routing on IPSec Gateways

2006-11-01 Thread Cyber Dog
On 11/1/06, Tom Eastep <[EMAIL PROTECTED]> wrote: > > The fact that the firewall's external IP is not part of the defined Security > Policies is often the cause of the problem originally reported. I prefer to > define additional SPs to handle that traffic (see > http://www.shorewall.net/IPSEC-2.6.h

[Shorewall-users] Shorewall 3.2.4 tcrules: SCP/SSH distinction stopped working

2006-11-01 Thread Zachary Palmer
I am having a most peculiar problem with Shorewall 3.2.4 on a Debian Etch firewall. I upgraded to 3.2.4 to get access to the rule-based matching in tcrules; this has allowed me to quite successfully discriminate between SSH and SCP packets, prioritizing one and not the other. Until today, th