
List:       openswan-users
Subject:    Re: [Openswan Users] openswan and firewall problems
From:       "Massimo Mazzoldi" <mmazzoldi () direte ! it>
Date:       2005-05-30 13:43:06
Message-ID: fc.00000001000440a50000000100043cd7.440a6 () direte ! it

Thanks a lot... Michael...

I worked it out rather easily with your help!!!

Best Regards
Massimo Mazzoldi

Michael Liebl <micology@despammed.com> on Friday 27 May 2005 at 7.13 +0100
wrote:
>Something like this:
>
>## Allow Authenticated Traffic to Host.
># Allow ISAKMP for IPSEC. ok
>#$IPTABLES -A INPUT -i $IPSEC_IF -s $IPSEC_NET -p udp --sport isakmp --dport isakmp\
>#       -j LOG --log-level $LOGLEVEL --log-prefix "INPUT ISAKMP ACCEPT: "
>$IPTABLES -A INPUT -i $IPSEC_IF -s $IPSEC_NET -p udp --sport isakmp --dport isakmp\
>        -j ACCEPT
>
># Allow marked Packets to Host. ok
>#$IPTABLES -A INPUT -i $IPSEC_IF -m mark --mark 3\
>#       -j LOG --log-level $LOGLEVEL --log-prefix "ESP INPUT ACCEPT: "
>$IPTABLES -A INPUT -i $IPSEC_IF -m mark --mark 3\
>        -j ACCEPT
>
>## Tag Incoming IPSec Traffic. 'mark' sticks after processing. ok
>#$IPTABLES -t mangle -A PREROUTING -i $IPSEC_IF -p esp\
>#       -j LOG --log-level $LOGLEVEL --log-prefix "ESP PREROUTING MARK: "
>$IPTABLES -t mangle -A PREROUTING -i $IPSEC_IF -p esp\
>        -j MARK --set-mark 3
>
>Good luck.
>-- 
>    <) .--.	      For e-mail replies the subject must
>    )#=+  '	     begin with 'USENET', otherwise > /dev/null
>   /## |     .+.						Kind regards,
>,,/###,|,,,,,,|,,,,						Michael


_______________________________________________
Users mailing list
Users@openswan.org
http://lists.openswan.org/mailman/listinfo/users
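
The quoted rules accept anything carrying mark 3 in INPUT, so they are only as tight as the guarantee that mark 3 is set on ESP packets and nowhere else. As an added example (not part of the thread or of Openswan), this shell function audits `iptables-save` text for that property; the function name, the sample rulesets, `eth0` and `192.0.2.0/24` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save text for the pattern
# "mark ESP in mangle, accept the mark in INPUT".
# Reads a ruleset on stdin, prints one finding per mark accepted in INPUT.
audit_marks() {
    awk '
    function norm(v) {                 # "0x3/0xffffffff" or "3" -> "0x3"
        sub(/\/.*/, "", v)
        return (v ~ /^0[xX]/) ? tolower(v) : sprintf("0x%x", v + 0)
    }
    /^\*/ { table = substr($0, 2); next }   # "*mangle", "*filter", ...
    /^-A / {
        proto = ""; target = ""; set = ""; want = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--set-mark" || $i == "--set-xmark") set = norm($(i + 1))
            if ($i == "--mark") want = norm($(i + 1))
        }
        if (table == "mangle" && target == "MARK" && set != "") {
            if (proto == "esp" || proto == "50") esp[set] = 1
            else other[set] = 1        # same mark reachable without ESP
        }
        if (table == "filter" && $2 == "INPUT" && target == "ACCEPT" && want != "")
            accepted[want] = 1
    }
    END {
        for (m in accepted) {
            if (m in other)    print "WARN " m " is also set on non-ESP traffic"
            else if (m in esp) print "OK " m " is set only on ESP packets"
            else               print "WARN " m " is accepted but never set on ESP"
        }
    }'
}

# Constructed sample: the thread's rules roughly as iptables-save prints them.
GOOD='*mangle
-A PREROUTING -i eth0 -p esp -j MARK --set-xmark 0x3/0xffffffff
COMMIT
*filter
-A INPUT -s 192.0.2.0/24 -i eth0 -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A INPUT -i eth0 -m mark --mark 0x3 -j ACCEPT
COMMIT'
# Constructed variants: the mark set on TCP instead of ESP, and not set at all.
REUSED=$(printf '%s\n' "$GOOD" | sed 's/-p esp/-p tcp/')
UNSET=$(printf '%s\n' "$GOOD" | grep -v 'set-xmark')

for ruleset in "$GOOD" "$REUSED" "$UNSET"; do
    printf '%s\n' "$ruleset" | audit_marks
done
```

On a live host the input would come from `iptables-save` run as root instead of the embedded samples.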