Hello all,

I've recently configured an IPsec VPN between my OpenSUSE 10.2 router firewall running shorewall 3.4.4 and a friend's Draytek Vigor 2930 ADSL modem/router/firewall. All is good other than my router can't ping anything on my friend's LAN; however, machines on my LAN behind the firewall can ping machines on my friend's firewall without problem.

I've updated my policy file to be as follows:

###############################################################################
#SOURCE         DEST            POLICY          LOG             LIMIT:BURST
#                                               LEVEL
loc             net             ACCEPT
loc             $FW             ACCEPT          $LOG
loc             vpn             ACCEPT
loc             all             REJECT          $LOG
$FW             net             ACCEPT
$FW             loc             ACCEPT          $LOG
$FW             vpn             ACCEPT
$FW             all             REJECT          $LOG
vpn             loc             ACCEPT
vpn             $FW             ACCEPT
net             $FW             DROP            $LOG
# THE FOLLOWING POLICY MUST BE LAST
net             loc             DROP            $LOG
net             vpn             DROP
net             all             DROP            $LOG
all             all             REJECT          $LOG
#LAST LINE -- DO NOT REMOVE

So, I've allowed traffic from $FW to vpn and from vpn to $FW. Having looked at the documentation at www.shorewall.net that seems to be all I need to do. I can't help thinking I must have missed something really obvious but if I have I can't spot it.

I've not updated any rules to allow specific types of traffic to/from the router. I understood that the policy should allow everything to/from the router to the vpn zone. Is that correct?

Kind regards,
Steve.
