Thanks for the info Benjamin,
I couldn't solve the problem till now, so I just dropped the SuSEfirewall2 and installed Shorewall instead, which has much clearer documentation on using IPSec with it. Btw, it took me only like 20min to set up a working configuration with Shorewall, but I'm not sure if this is a real alternative to SuSEfw regarding security.
So I might try out the SuSEfw again with your suggestion, but I think I'll only do this if I find a good reason not to use Shorewall.
----- Original Message -----
From: "Benjamin P Myers"
To:
Sent: Monday, November 03, 2003 11:08 AM
Subject: Re: [suse-security] Problem with IPSec and SuSEfirewall2 SuSE-FW-ILLEGAL-TARGET
I had some trouble getting this set up, too. I had overlooked FW_MASQ_DEV and used the default, which included all of the external interfaces. You don't want to masq the stuff on ipsec0:
FW_MASQ_DEV="eth1"
Did the trick for me. I didn't have to mess with _updown, either. But this, of course, I only realized after I did exactly what you've done to _updown.
Perhaps it would be good to add a note in the FAQ mentioning not to NAT the ipsec interface.