On Tue, Jun 19, 2001 at 05:55:09PM +0200, Schulz, Wolfgang wrote:
Hi list!
As soon as we start the firewall script (Version 4.1) ipsec doesn't work anymore.
I remember having the same problem in the past. AFAIK the firewalls must
accept incoming requests from the outside on port 500/UDP. Also the
firewall doesn't know the net behind its partner, so any input from
these IPs to the internal net is denied.
I remember that I set the following ipchains rules (or something like
that) manually on both machines:
On firewall A this (may have) looked like
ipchains -I forward -b -s [local net B] -d [local net A] -j ACCEPT
ipchains -I input -b -s [local net B] -d [local net A] -j ACCEPT
ipchains -I output -b -s [local net B] -d [local net A] -j ACCEPT
and on firewall B you must swap the networks, of course ;-)
After that it worked fine for me. I think you can set these rules
in /etc/rc.config.de/firewall-custom.rc.config
Greetings!
--
-----------------------------------------------------------------
Tobias Gewinner
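The following script is an added example and not part of the original mail: it generates the ipchains rule set for one gateway from the two private nets and the two gateway addresses, so the same function serves firewall A and firewall B by swapping the arguments as the mail describes. Besides the three net-to-net rules quoted above it also opens IKE (UDP/500, which the mail mentions) and ESP (IP protocol 50, the tunnel itself, which the mail does not mention; add protocol 51 if AH is in use). All addresses are constructed placeholders, and the script only echoes the commands unless IPCHAINS is set to the real binary.

```shell
#!/bin/sh
# Added example, not code from the mail or from the firewall script it discusses.
# Dry run by default: prints the ipchains commands. Set IPCHAINS=ipchains to apply.
IPCHAINS="${IPCHAINS:-echo ipchains}"

# ipsec_rules LOCAL_NET REMOTE_NET LOCAL_GW REMOTE_GW
# Emits the rules one gateway needs so that starting the firewall does not
# break the IPsec tunnel. For the other gateway, call it with the nets and
# the gateway addresses swapped.
ipsec_rules() {
    local_net=$1; remote_net=$2; local_gw=$3; remote_gw=$4

    # 1. IKE negotiation between the two gateways: UDP port 500 both ways
    #    (-b makes ipchains insert the rule in both directions).
    $IPCHAINS -I input -b -p udp -s "$remote_gw" 500 -d "$local_gw" 500 -j ACCEPT
    $IPCHAINS -I output -b -p udp -s "$remote_gw" 500 -d "$local_gw" 500 -j ACCEPT

    # 2. The tunnel packets themselves: ESP is IP protocol 50 (AH would be 51).
    $IPCHAINS -I input -b -p 50 -s "$remote_gw" -d "$local_gw" -j ACCEPT
    $IPCHAINS -I output -b -p 50 -s "$remote_gw" -d "$local_gw" -j ACCEPT

    # 3. The decrypted traffic between the private nets: these are the three
    #    rules from the mail. Without them the firewall has never heard of the
    #    remote net and drops everything coming out of the tunnel.
    $IPCHAINS -I forward -b -s "$remote_net" -d "$local_net" -j ACCEPT
    $IPCHAINS -I input -b -s "$remote_net" -d "$local_net" -j ACCEPT
    $IPCHAINS -I output -b -s "$remote_net" -d "$local_net" -j ACCEPT
}

# Constructed placeholder addresses (documentation ranges), replace with yours:
# firewall A: net 192.168.1.0/24 behind gateway 203.0.113.1
# firewall B: net 192.168.2.0/24 behind gateway 198.51.100.1
# On firewall A run:  ipsec_rules 192.168.1.0/24 192.168.2.0/24 203.0.113.1 198.51.100.1
# On firewall B run:  ipsec_rules 192.168.2.0/24 192.168.1.0/24 198.51.100.1 203.0.113.1
```

Using -I (insert at the top of the chain) matters as much as the rule contents: the firewall script's own deny rules must come after these, otherwise first-match semantics drop the packets before the ACCEPT is ever reached.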