List: openswan-users
Subject: Re: [Openswan Users] openswan and firewall problems
From: "Massimo Mazzoldi" <mmazzoldi () direte ! it>
Date: 2005-05-30 13:43:06
Message-ID: fc.00000001000440a50000000100043cd7.440a6 () direte ! it
Thank you a lot... Michael...
I worked it out rather easily with your help!!!
Best Regards
Massimo Mazzoldi
Michael Liebl <micology@despammed.com> on Friday 27 May 2005 at 7.13 +0100 wrote:
>Something like this:
>
>## Allow Authenticated Traffic to Host.
># Allow ISAKMP for IPSEC. ok
>#$IPTABLES -A INPUT -i $IPSEC_IF -s $IPSEC_NET -p udp --sport isakmp --dport isakmp\
># -j LOG --log-level $LOGLEVEL --log-prefix "INPUT ISAKMP ACCEPT: "
>$IPTABLES -A INPUT -i $IPSEC_IF -s $IPSEC_NET -p udp --sport isakmp --dport isakmp\
> -j ACCEPT
>
># Allow marked Packets to Host. ok
>#$IPTABLES -A INPUT -i $IPSEC_IF -m mark --mark 3\
># -j LOG --log-level $LOGLEVEL --log-prefix "ESP INPUT ACCEPT: "
>$IPTABLES -A INPUT -i $IPSEC_IF -m mark --mark 3\
> -j ACCEPT
>
>## Tag Incoming IPSec Traffic. 'mark' sticks after processing. ok
>#$IPTABLES -t mangle -A PREROUTING -i $IPSEC_IF -p esp\
># -j LOG --log-level $LOGLEVEL --log-prefix "ESP PREROUTING MARK: "
>$IPTABLES -t mangle -A PREROUTING -i $IPSEC_IF -p esp\
> -j MARK --set-mark 3
>
>Good luck.
>--
> <) .--. For e-mail replies the subject must
> )#=+ ' begin with 'USENET', otherwise > /dev/null
> /## | .+. Kind regards,
>,,/###,|,,,,,,|,,,, Michael
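The quoted rules only hold together if the mark accepted in INPUT is the one set for ESP in mangle PREROUTING, and nothing else sets it; the check below audits that from an `iptables-save` dump. It is an added example, not part of either message: the function names, `eth0` and `192.0.2.0/24` (standing in for `$IPSEC_IF` and `$IPSEC_NET`) are assumptions.

```shell
# Added example. Reads an iptables-save dump on stdin and returns 0 only if each
# mark ACCEPTed in filter/INPUT is set in mangle/PREROUTING by a "-p esp" rule
# on the same interface and by no non-ESP rule. Masks after "/" are ignored.
check_esp_mark_pairing() {
    awk '
    function num(s,   n, i) {                  # decimal or 0x-hex string -> number
        if (s !~ /^0[xX]/) return s + 0
        for (i = 3; i <= length(s); i++)
            n = n * 16 + index("0123456789abcdef", tolower(substr(s, i, 1))) - 1
        return n
    }
    /^\*/ { table = substr($1, 2); next }      # "*mangle", "*filter", ...
    $1 != "-A" { next }
    {
        iface = "any"; proto = ""; target = ""; setv = ""; matchv = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            if ($i == "-p") proto = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--set-mark" || $i == "--set-xmark") setv = $(i + 1)
            if ($i == "--mark") matchv = $(i + 1)
        }
        sub(/\/.*/, "", setv); sub(/\/.*/, "", matchv)
        if (table == "mangle" && $2 == "PREROUTING" && setv != "") {
            if (proto == "esp") esp[iface SUBSEP num(setv)] = 1
            else loose[num(setv)] = $0
        }
        if (table == "filter" && $2 == "INPUT" && target == "ACCEPT" && matchv != "")
            accepted[iface SUBSEP num(matchv)] = $0
    }
    END {
        for (k in accepted) {
            split(k, p, SUBSEP)
            if (!(k in esp)) { print "no ESP-only setter for: " accepted[k]; bad = 1 }
            if (p[2] in loose) { print "mark also set for non-ESP: " loose[p[2]]; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed dump: eth0 and 192.0.2.0/24 stand in for $IPSEC_IF and $IPSEC_NET.
sample_rules() {
    printf '%s\n' '*mangle' \
        '-A PREROUTING -i eth0 -p esp -j MARK --set-xmark 0x3/0xffffffff' 'COMMIT' \
        '*filter' \
        '-A INPUT -s 192.0.2.0/24 -i eth0 -p udp -m udp --sport 500 --dport 500 -j ACCEPT' \
        '-A INPUT -i eth0 -m mark --mark 0x3 -j ACCEPT' 'COMMIT'
}
sample_rules | check_esp_mark_pairing && echo "ESP mark pairing OK"
```

On a live host the same function can be fed with `iptables-save | check_esp_mark_pairing`; findings are printed one per line and the exit status is non-zero when any are found.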