Add NAT support with remote IPSEC zone; add UDP 4500 to ipsecnat support

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@398 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-15 04:04:10 +01:00 · 2003-01-07 16:26:41 +00:00 · 2003-01-07 16:26:41 +00:00 · bdcf22b4f8
commit bdcf22b4f8
parent feb0752113
1 changed files with 7 additions and 2 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1367,12 +1367,18 @@ setup_tunnels() # $1 = name of tunnels file
 	    run_iptables -A $inchain  -p udp -s $1 --sport 500 --dport 500 $options
 	else
 	    run_iptables -A $inchain  -p udp -s $1 --dport 500 $options
+	    run_iptables -A $inchain  -p udp -s $1 --dport 4500 $options
 	fi

 	for z in `separate_list $3`; do
 	    if validate_zone $z; then
 		addrule ${FW}2${z} -p udp --sport 500 --dport 500 $options
-		addrule ${z}2${FW} -p udp --sport 500 --dport 500 $options
+		if [ $2 = ipsec ]; then
+		    addrule ${z}2${FW} -p udp --sport 500 --dport 500 $options
+		else
+		    addrule ${z}2${FW} -p udp --dport 500 $options
+		    addrule ${z}2${FW} -p udp --dport 4500 $options
+		fi
 	    else
 		error_message "Warning: Invalid gateway zone ($z)" \
 		" -- Tunnel \"$tunnel\" may encounter keying problems"
@ -4495,7 +4501,6 @@ do_initialize() {
 	exit 2
    fi

-
    FUNCTIONS=$SHARED_DIR/functions

    if [ -f $FUNCTIONS ]; then