[Openswan Users] openswan and firewall problems
Massimo Mazzoldi
mmazzoldi at direte.it
Mon May 30 16:43:06 CEST 2005
Thank you a lot... Michael...
I worked it out rather easily with your help!!!
Best Regards
Massimo Mazzoldi
Michael Liebl <micology at despammed.com> on Friday 27 May 2005 at 7.13 +0100 wrote:
>Something like this:
>
>## Allow Authenticated Traffic to Host.
># Allow ISAKMP for IPSEC. ok
>#$IPTABLES -A INPUT -i $IPSEC_IF -s $IPSEC_NET -p udp --sport isakmp --dport isakmp\
># -j LOG --log-level $LOGLEVEL --log-prefix "INPUT ISAKMP ACCEPT: "
>$IPTABLES -A INPUT -i $IPSEC_IF -s $IPSEC_NET -p udp --sport isakmp --dport isakmp\
> -j ACCEPT
>
># Allow marked Packets to Host. ok
>#$IPTABLES -A INPUT -i $IPSEC_IF -m mark --mark 3\
># -j LOG --log-level $LOGLEVEL --log-prefix "ESP INPUT ACCEPT: "
>$IPTABLES -A INPUT -i $IPSEC_IF -m mark --mark 3\
> -j ACCEPT
>
>## Tag Incoming IPSec Traffic. 'mark' sticks after processing. ok
>#$IPTABLES -t mangle -A PREROUTING -i $IPSEC_IF -p esp\
># -j LOG --log-level $LOGLEVEL --log-prefix "ESP PREROUTING MARK: "
>$IPTABLES -t mangle -A PREROUTING -i $IPSEC_IF -p esp\
> -j MARK --set-mark 3
>
>Good luck.
>--
> <) .--. For e-mail replies the subject must
> )#=+ ' begin with 'USENET', otherwise > /dev/null
> /## | .+. Kind regards,
>,,/###,|,,,,,,|,,,, Michael