 From:  Christoph Hanle <christoph dot hanle at leinpfad dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC Firewall Rules
 Date:  Wed, 12 Jul 2006 20:05:08 +0200
Phil Nichols wrote:
> Hi,
> I'm trying to set up a m0n0wall to m0n0wall VPN.
> I've configured the VPN tunnel on both machines, but the VPN does not work.
> I was about to start having a look and seeing what I had done wrong, when I
> realised that I had not configured any firewall rules to allow traffic
> between the two networks. I have read that m0n0wall should automatically
> generate the appropriate firewall rules - which hasn't happened. Is there
> any way of forcing the generation of these rules?
> Alternatively, can somebody tell me what firewall rules I need to create to
> allow VPN traffic between these two networks?
The VPN is only the tunnel, not the traffic.
You have to create rules for the wanted traffic.
The simplistic rules are: allow all from local subnet(s) to remote
subnet(s). You have to create these rules on both m0n0s.
You can only control the traffic from ... to ..., not vice versa.
Better rules are, of course, to only allow dedicated ports from and to
dedicated IPs.

Hope this helps for understanding.

> Many thanks,
> Phil Nichols