From owner-freebsd-questions Mon Jan 28 10: 3:23 2002 Delivered-To: freebsd-questions@freebsd.org Received: from web13401.mail.yahoo.com (web13401.mail.yahoo.com [216.136.175.59]) by hub.freebsd.org (Postfix) with SMTP id ED21737B416 for ; Mon, 28 Jan 2002 10:03:14 -0800 (PST) Message-ID: <20020128180314.38424.qmail@web13401.mail.yahoo.com> Received: from [213.130.12.214] by web13401.mail.yahoo.com via HTTP; Mon, 28 Jan 2002 10:03:14 PST Date: Mon, 28 Jan 2002 10:03:14 -0800 (PST) From: tim Nikolaev Subject: HELP!! To: freebsd-questions@FreeBSD.ORG MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, first of all let me sank you for a greate OS!!!! But i have a problem:( I need to setup IPSEC connections (manual keying)between two subnets 1.2.3.0/24 gateway FreeBSD 4.3 and 5.6.7.0/24 gateway FreeBSD 5.0)(tunnel mode) I allowed ip packets between gateway's external interfaces, and FROM ANY TO ANY throu the internal interfaces. When i try ping from one subnet to another everything is fine :) BUT!!! when i ping address (from subnet with FreeBSD 4.3 gateway) for example Inet or any other IP address, FIREWALL v 1.30.2.12 tells me PERMISSION DENIED. As i know the first is ipsec packet incapsulation and then firewall, why firewall looks throu the esp-header ? Everything works fine between two FreeBsd 5.0 routers. If you can please help me :0 Sank's again for a GREATE OS!!! :))))) __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message