----- Original Message -----
From: "Mike Lander" <[EMAIL PROTECTED]>
To: "Shorewall Users" <[email protected]>
Sent: Wednesday, November 08, 2006 11:48 AM
Subject: Re: [Shorewall-users] Mulit-Isp with Ipsec

> Tom Wrote
> Mike,
>
> We'll need to see the output of "shorewall dump" captured when IPSEC is
> not working.
>
> -Tom
>
> The first post was with Ipsec Broken. IE pings are timed out.
> One interesting note is if I restart networking on this box
> Shorewall will block the pings to 172.30.0.15 in the forward chain.
> I could send a post of that, I don't know if it would help.
> But restarting networking clears all Shorewall's routing.
> Restarting shorewall, after a networking restart then
> Ipsec pings to the other side seem to be silently dropped
> by the Kernel. BTW on all these dumps host 10.194.79.5
> (my xp box) is pinging 172.30.0.15
> other host in tunnel 65.203.186.182
> with ping -t 172.30.0.15 and are timing
> out.
>
> Thanks
> Mike

I might add that out of desperation of many nights. I just added this last
night thinking since there is no ipsec0 that all the traffic is going
through eth0 for Ipsec.

I added this to tc rules

    512:P   eth0    0.0.0.0/0    ESP
    2:F     eth0    0.0.0.0/0    ESP
    2       $FW     0.0.0.0/0    ALL

and this to shorewall start

    iptables -I all2all -i eth0 -d 0.0.0.0/0 -m mark --mark 2 -j ACCEPT
    iptables -I all2all -o eth0 -d 0.0.0.0/0 -m mark --mark 2 -j ACCEPT

I forgot to change one back to 512 since you can't mark prerouting here with
High Marks on, last night I had tried turning off High marks and using 2
for eth0

Mike
