Date: Thu, 29 Nov 2001 09:46:30 -0500 (EST)
From: "H. Wade Minter" <minter@lunenburg.org>
To: Scott Nolde <scott@smnolde.com>
Cc: questions@FreeBSD.ORG
Subject: Re: Allowing IPSec through FreeBSD/ipfw gateway
Message-ID: <20011129094514.Y30301-100000@bunning.skiltech.com>
In-Reply-To: <20011129093152.P95091-100000@bsd.smnolde.com>

On Thu, 29 Nov 2001, Scott Nolde wrote:
> Make your rules simpler without degrading the effectiveness of your
> firewall. I run natd on my firewall, but have these rules in place before
> the divert statement:
>
> ipfw add allow ip from any to ${VPN}
> ipfw add allow ip from ${VPN} to any
>
> where ${VPN} is the other endpoint of the VPN server.
>
> Try that and then get a little tighter once you sniff the traffic more.
Adding that before my divert statement hung the FreeS/WAN connection
earlier than the other rules did. :-/
The connection works if I dial up via mindspring, in case I didn't add
that before.
--Wade
--
Do your part in the fight against injustice.
Free Dmitry Sklyarov! http://www.freesklyarov.org/
Fight the DMCA! http://www.anti-dmca.org/
