From 8f5d49a51788e8ccfa37d54338670ce8816e7754 Mon Sep 17 00:00:00 2001
From: teastep
Date: Thu, 22 Mar 2007 22:27:26 +0000
Subject: [PATCH] Fix ipsecnat tunnels
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5637 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/changelog.txt | 2 ++
 Shorewall/lib.tunnels | 1 +
 Shorewall/releasenotes.txt | 3 +++
 3 files changed, 6 insertions(+)
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 011001c7f..83f08dbcd 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -7,6 +7,8 @@ Changes in 3.4.2
 3) Fix 'none[!]' and built-in actions.
+4) Fix 'ipsecnat' tunnels.
+
 Changes in 3.4.1
 1) Add rest of proxy arp fix.
diff --git a/Shorewall/lib.tunnels b/Shorewall/lib.tunnels
index 21c2755fc..0432adf58 100644
--- a/Shorewall/lib.tunnels
+++ b/Shorewall/lib.tunnels
@@ -67,6 +67,7 @@ setup_tunnels() # $1 = name of tunnels file
 else
 run_iptables -A $inchain -p udp $source --dport 500 $options
 run_iptables -A $inchain -p udp $source --dport 4500 $options
+ run_iptables -A $outchain -p udp $dest --dport 4500 $options
 fi
 for z in $(separate_list $2); do
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index fe48e1973..5726754fb 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -43,6 +43,9 @@ Problems corrected in Shorewall 3.4.2
 Shorewall now correctly suppresses generation of log messages when a log level of 'none' or 'none!' is given to a built-in action.
+4) Tunnels of type 'ipsecnat' would sometimes fail to work because of
+ a missing rule.
+
 Migration Considerations:
 If you are migrating from a Shorewall version earlier than 3.2.0 then
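Review bot: In the Shorewall/lib.tunnels hunk, the `else` branch now allows UDP 4500 in both directions, but port 500 only appears on `$inchain`, and nothing says why this tunnel type needs the extra port. A comment above the three rules would help, for example `# NAT-T: IKE and UDP-encapsulated ESP use UDP 4500, so allow it in and out`. The enclosing `if` and the definitions of `$dest` and `$options` lie outside the hunk, so please confirm that an outbound `--dport 500` rule is emitted elsewhere for this branch. If it is not, the same asymmetry this commit fixes for 4500 would remain for 500.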