<div>Did you add rule in FORWARD chain to ACCEPT </div>
<div><a href="http://192.168.0.0/24"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.0.0/24</a> -> net_behind_pix </div>
<div>?<br><br> </div>
<div><span class="gmail_quote">On 10/20/05, <b class="gmail_sendername">Lelio Parisi</b> <<a href="mailto:piccololean@yahoo.it">piccololean@yahoo.it</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">thanks... I've tried but the problem persist<br><br><br><br>--- "<a href="mailto:tvsjr@sprynet.com">tvsjr@sprynet.com
</a>" <<a href="mailto:tvsjr@sprynet.com">tvsjr@sprynet.com</a>> ha<br>scritto:<br><br>> I believe you're mangling the tunnel with your<br>> masquerade. Add an exemption for the remote<br>> network...<br>
> iptables -A POSTROUTING -t nat -o ppp0 -d ! <remote<br>> network> -j MASQUERADE<br>><br>> I use a tool called Firewall Builder<br>> (<a href="http://www.fwbuilder.org">www.fwbuilder.org</a>) to build my firewall rules. It
<br>> puts a Checkpoint-ish interface on the front end of<br>> iptables, ipfw, etc. and builts scripts for you.<br>> Absolutely wonderful... I don't grok iptables rules<br>> without having to think about them... but the 150+
<br>> rules in my primary firewall are easy to understand<br>> and manage in the Firewall Builder interface.<br>><br>> Terry<br>><br>> -----Original Message-----<br>> From: Lelio Parisi <<a href="mailto:piccololean@yahoo.it">
piccololean@yahoo.it</a>><br>> Sent: Oct 19, 2005 11:59 AM<br>> To: <a href="mailto:users@openswan.org">users@openswan.org</a><br>> Subject: [Openswan Users] maybe iptables is the<br>> problem??<br>><br>
> Regard my problem... can it be a wrong iptables<br>> setting?? My openswan box has a ppp0 interface and a<br>> eth0 interface with <a href="http://192.168.0.1"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.0.1" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.0.1</a> IP address. The pcs<br>> behind it has
192.168.0.x address and to let them go<br>> out over internet I put on linux openswan:<br>><br>> ifconfig eth0 <a href="http://192.168.0.1"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.0.1" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.0.1</a><br>> iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE
<br>> echo 1 > /proc/sys/net/ipv4/ip_forward<br>><br>> maybe there's something wrong so the packets can't<br>> reach the other side (the pix)?<br>> thanks<br>><br>><br>><br>><br>><br>><br>
> ___________________________________<br>> Yahoo! Mail: gratis 1GB per i messaggi e allegati da<br>> 10MB<br>> <a href="http://mail.yahoo.it">http://mail.yahoo.it</a><br>> _______________________________________________
<br>> Users mailing list<br>> <a href="mailto:Users@openswan.org">Users@openswan.org</a><br>> <a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><br>>
<br>><br>><br>><br><br><br><br><br>___________________________________<br>Yahoo! Messenger: chiamate gratuite in tutto il mondo<br><a href="http://it.messenger.yahoo.com">http://it.messenger.yahoo.com</a><br>_______________________________________________
<br>Users mailing list<br><a href="mailto:Users@openswan.org">Users@openswan.org</a><br><a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><br></blockquote></div>
<br>