Hi List,
I have several VPN connections here with "Auto Packet Filter" active.
As described in the manual, I now wanted to permit the VPN connection via packet filters.
#-#-#
Security Note:
If you want greater control over the packet filter rules, or
wish to manage them in a more centralized way, disable
the Auto Packet Filter function and enter the rules manually
in the Packet Filter/Rules menu.
#-#-#
Although "Auto Packet Filter" is deactivated and there is no rule for the VPN connection, the data traffic still flows through the tunnel.
That is actually wrong.
If one looks at the whole thing more closely (Current System Packet Filter Rules), one sees the following.
In "Chain AUTO_FORWARD" the corresponding rules were removed. That is correct so far.
The error shows up here.
In "Chain FORWARD" the order of the rules is wrong.
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6461K 4949M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCEPT match
154 8700 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED ACCEPT
68057 6092K SPOOFING_PROTECTION all -- * * 0.0.0.0/0 0.0.0.0/0
68057 6092K PSD_MATCH all -- * * 0.0.0.0/0 0.0.0.0/0
68057 6092K SANITY_CHECKS all -- * * 0.0.0.0/0 0.0.0.0/0
68057 6092K AUTO_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
51134 4022K USR_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
4751 1129K LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0
"AUTO_FORWARD" comes before "USR_FORWARD"; that is wrong, because in "AUTO_FORWARD" all IPSEC connections are defined.
Therefore the packet filter rules (USR_FORWARD) are also without effect.
Astaro, please give me a workaround.
Stefan
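The post's point is about first-match order in the FORWARD chain: a packet that is ACCEPTed inside a user chain reached earlier (AUTO_FORWARD) never gets as far as the rules in a later chain (USR_FORWARD). The following is an added example, not Astaro code and not the poster's configuration: a small first-match evaluator for iptables-style chains with jumps and fall-through, run over two constructed rule sets that differ only in whether AUTO_FORWARD or USR_FORWARD is consulted first. The subnets and the ACCEPT/DROP rules are constructed for illustration.

```python
"""Toy first-match evaluator for iptables-style chains (added example, not product code).

It models only what the post is about: the FORWARD chain jumps into user chains in
order, a terminating verdict (ACCEPT/DROP) inside a user chain ends evaluation, and a
user chain that reaches its end returns to the caller, which continues with the next rule.
"""
from dataclasses import dataclass
import ipaddress


@dataclass
class Rule:
    target: str                 # "ACCEPT", "DROP", "RETURN", or the name of a user chain to jump to
    src: str = "0.0.0.0/0"      # source network the rule matches
    dst: str = "0.0.0.0/0"      # destination network the rule matches

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst))


def evaluate(chains: dict, chain_name: str, pkt: dict):
    """Walk one chain top-down. Return the first terminating verdict, or None if the
    chain falls through (end of chain or explicit RETURN)."""
    for rule in chains[chain_name]:
        if not rule.matches(pkt):
            continue
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target
        if rule.target == "RETURN":
            return None
        # Jump into a user chain; if it returns without a verdict, keep going here.
        verdict = evaluate(chains, rule.target, pkt)
        if verdict is not None:
            return verdict
    return None


def forward_verdict(chains: dict, pkt: dict, policy: str = "DROP") -> str:
    """Verdict for a forwarded packet; the chain policy applies if nothing matched."""
    verdict = evaluate(chains, "FORWARD", pkt)
    return verdict if verdict is not None else policy


def build_chains(auto_first: bool) -> dict:
    """Constructed rule sets (assumption, not taken from the post): AUTO_FORWARD permits
    the VPN subnets, USR_FORWARD is the administrator's manual rule that blocks them."""
    auto_forward = [Rule("ACCEPT", src="10.0.0.0/24", dst="192.168.1.0/24")]
    usr_forward = [Rule("DROP", src="10.0.0.0/24", dst="192.168.1.0/24")]
    order = ["AUTO_FORWARD", "USR_FORWARD"] if auto_first else ["USR_FORWARD", "AUTO_FORWARD"]
    return {
        "FORWARD": [Rule(name) for name in order],   # catch-all jumps, in the given order
        "AUTO_FORWARD": auto_forward,
        "USR_FORWARD": usr_forward,
    }


# Constructed packets: one between the VPN subnets, one unrelated to either chain.
VPN_PKT = {"src": "10.0.0.5", "dst": "192.168.1.7"}
OTHER_PKT = {"src": "172.16.0.1", "dst": "8.8.8.8"}

if __name__ == "__main__":
    for auto_first in (True, False):
        order = "AUTO_FORWARD before USR_FORWARD" if auto_first else "USR_FORWARD before AUTO_FORWARD"
        print(f"{order}: VPN packet -> {forward_verdict(build_chains(auto_first), VPN_PKT)}")
    print(f"unrelated packet -> {forward_verdict(build_chains(True), OTHER_PKT)} (chain policy)")
```

With AUTO_FORWARD consulted first, the VPN packet is accepted before the manual DROP in USR_FORWARD is ever reached, which is exactly the shadowing the post describes; with the order reversed, the manual rule decides. When checking a live box, `iptables -L FORWARD -v -n --line-numbers` shows the jump order, and per-rule packet counters on USR_FORWARD that stay at zero for traffic you expect it to handle are the tell-tale sign of rules being shadowed by an earlier chain.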