Hi Bas,

Bas Rijniersce wrote:
> Hello,
>
> I have a firewall with three "real" interfaces and one "virtual"
> interface for OpenSwan (ipsec0) that has the same IP as the WAN iface.
> Vuurmuur automatically creates a MASQ rule for this interface. In the MASQ
> rule there is no way to manually set the outgoing iface to which it
> applies (?)

You can limit rules to specific interfaces. In the 'edit rule' screen press F5 for advanced options and you will see that an 'Outgoing interface' field appears. Here you can select the interface that the rule needs to apply to. Note that only the interfaces attached to the destination network are selectable. In your case you should select your WAN interface. This way the ipsec0 interface should be excluded from the masq.

Btw, is there any reason for choosing masq over snat? Snat does the same but is slightly faster, and keeps connections open if the interface goes down and up again. Masq is more useful for dialup connections with dynamic IP addresses. That's the theory anyway :-)

Hope this helps!

Cheers,
Victor

> As a result packets going into the ipsec tunnel are masked with the
> public IP, as a result breaking the tunnel.
>
> I now save the ruleset with vuurmuur -b, edit out the line with MASQ for
> iface ipsec0 and then run it.. Very easy to forget the next time you do
> a change :-)
>
> Any workaround to make this easier?
>
> Bas

_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
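
The check that the quoted message does by hand (looking through a saved ruleset for a source-NAT line that applies to ipsec0) can be automated. This is an added example, not part of the original thread and not Vuurmuur code; it assumes the ruleset is available as text in `iptables-save` or `iptables` command form, and the function names and sample ruleset are constructed for illustration.

```python
import shlex

NAT_TARGETS = {"MASQUERADE", "SNAT"}

# Constructed sample in iptables-save form (addresses are documentation ranges).
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o ipsec0 -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.3.0/24 ! -o ipsec0 -j MASQUERADE
COMMIT
"""

def _option(tokens, names):
    """Return (value, negated) for the first option in `names`, else (None, False)."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1], i > 0 and tokens[i - 1] == "!"
    return None, False

def _covers(pattern, negated, iface):
    """True if an -o match (with optional '+' wildcard or '!') applies to iface."""
    if pattern is None:          # no -o at all: rule applies to every interface
        return True
    if pattern.endswith("+"):
        hit = iface.startswith(pattern[:-1])
    else:
        hit = pattern == iface
    return hit != negated

def nat_rules_hitting(ruleset_text, iface="ipsec0"):
    """List (line number, target, rule) for source-NAT rules that apply to iface."""
    findings = []
    for lineno, line in enumerate(ruleset_text.splitlines(), 1):
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:       # unbalanced quotes: not a rule we can parse
            continue
        target, _ = _option(tokens, ("-j", "--jump"))
        if target not in NAT_TARGETS:
            continue
        pattern, negated = _option(tokens, ("-o", "--out-interface"))
        if _covers(pattern, negated, iface):
            findings.append((lineno, target, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, target, rule in nat_rules_hitting(SAMPLE):
        print(f"line {lineno}: {target} also applies to ipsec0: {rule}")
```

A rule with no `-o` match is reported too, because it applies to every outgoing interface, the tunnel included.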
