Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Re: [suse-security] Problem with IPSec and SuSEfirewall2 SuSE-FW-ILLEGAL-TARGET
Thanks for the info Benjamin,

I couldn't solve the problem til now so I just dropped the SuSEfirewall2 and
installed Shorewall instead which has a much more
clear Documentation on using IPSec with it. Btw, it took me only like 20min
to set up a working configuration with
Shorewall, but I'm not sure if this is a real alternative to SuSEfw
regarding security.
So I might try out the SuSEfw again with your suggestion but I think I'll
only do this if I find a good reason not to use Shorewall.

----- Original Message -----
From: "Benjamin P Myers" <dative@xxxxxxxxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Monday, November 03, 2003 11:08 AM
Subject: Re: [suse-security] Problem with IPSec and SuSEfirewall2
SuSE-FW-ILLEGAL-TARGET


I had some trouble getting this set up, too. I had overlooked FW_MASQ_DEV
and
used the default which included all of the external interfaces. You don't
want to masq the stuff on ipsec0:

FW_MASQ_DEV="eth1"

Did the trick for me. I didn't have to mess with _updown, either. But
this,
of course, I only realized after i did exactly what you've done to _updown.
Perhaps it would be good to add a note in the faq mentioning not to nat the
ipsec interface.



< Previous Next >
References