Hi Christoph,

On 2001.08.20 10:31:35 +0100 Christoph Egger wrote:
On Monday, 20. August 2001 10:55, maf@cybereye.co.uk wrote:
Hi Christoph,
From your logfile:
Aug 20 11:39:06 ipseca kernel: Packet log: input ACCEPT eth0 PROTO=1 10.0.1.1:8 192.168.2.1:0 L=60 S=0x00 I=5606 F=0x0000 T=128 (#11)
Aug 20 11:39:06 ipseca kernel: Packet log: input ACCEPT eth1 PROTO=50 62.180.107.60:65535 62.180.107.61:65535 L=112 S=0x00 I=45938 F=0x0000 T=64 (#32)
Aug 20 11:39:06 ipseca kernel: Packet log: input DENY ipsec0 PROTO=1 192.168.2.1:0 10.0.1.1:0 L=60 S=0x10 I=62222 F=0x0000 T=254 (#59)
Looks like the interface ipsec0 is being DENYed by default. Try inserting a couple of rules in your firewall:

INPUT : allow everything from interface ipsec0
OUTPUT : allow everything to ipsec0

Maybe you also need to do the routed patches I suggested earlier?

Maybe SuSE firewall config needs something like

FW_DEV_WORLD = eth1, ipsec0 <---- Will this work???

Hopefully someone who knows if you can do this with SuSE firewall 4.9 will answer here...

HTH,
Maf.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't." - Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
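
Added example (not part of the original message): a small Python parser for the ipchains "Packet log" lines quoted above. It picks out packets dropped on an ipsecN interface and notes whether ESP (PROTO=50) was accepted on the outer interface. The function names are this example's own, and the sample input is the three log lines from the message.

```python
import re

# Sample input: the three log lines quoted in the message above.
SAMPLE_LOG = """\
Aug 20 11:39:06 ipseca kernel: Packet log: input ACCEPT eth0 PROTO=1 10.0.1.1:8 192.168.2.1:0 L=60 S=0x00 I=5606 F=0x0000 T=128 (#11)
Aug 20 11:39:06 ipseca kernel: Packet log: input ACCEPT eth1 PROTO=50 62.180.107.60:65535 62.180.107.61:65535 L=112 S=0x00 I=45938 F=0x0000 T=64 (#32)
Aug 20 11:39:06 ipseca kernel: Packet log: input DENY ipsec0 PROTO=1 192.168.2.1:0 10.0.1.1:0 L=60 S=0x10 I=62222 F=0x0000 T=254 (#59)
"""

# Layout: chain, action, interface, PROTO, src:port, dst:port, ..., (#rule).
# For ICMP (PROTO=1) ipchains puts the ICMP type and code in the port fields.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*\(#(?P<rule>\d+)\)"
)


def parse_line(line):
    """Return one log line as a dict, or None if it is not a packet log entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    return rec


def tunnel_drops(log_text, prefix="ipsec"):
    """Return DENY/REJECT entries seen on interfaces whose name starts with prefix.

    Each result carries esp_accepted: True when the same log also shows ESP
    (PROTO=50) being ACCEPTed, i.e. the tunnel itself got through the firewall
    and only the decrypted inner packet was dropped.
    """
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    esp_accepted = any(r["proto"] == 50 and r["action"] == "ACCEPT" for r in records)
    return [
        dict(r, esp_accepted=esp_accepted)
        for r in records
        if r["iface"].startswith(prefix) and r["action"] in ("DENY", "REJECT")
    ]


if __name__ == "__main__":
    for d in tunnel_drops(SAMPLE_LOG):
        print(f"{d['chain']} rule #{d['rule']} dropped {d['src']} -> {d['dst']} "
              f"on {d['iface']} (ESP accepted: {d['esp_accepted']})")
```

The rule number in the result is the position in the chain that matched, which is the place to look when deciding where a rule for the ipsec interface has to go.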