Thank you Peter, <br>That's what I thought. I will double check my configuration and will try again. <br><br>-Jai<br><br><div><span class="gmail_quote">On 10/2/07, <b class="gmail_sendername">Peter McGill</b> <<a href="mailto:petermcgill@goco.net">
petermcgill@goco.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">First method should work, and work easier because there is
no NAT (Network Address Translation) to worry about.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">No reason the FORWARD rules wouldn't work on Public IPs, I
don't think they care at all what IP you give.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">Make sure you don't use MASQUERADE, SNAT or DNAT
rules.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">-A adds the rules to the end of the chain, are there any
earlier rules that might block the public traffic?</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">iptables -t filter -n -v -L</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">iptables -t nat -n -v -L</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">iptables -t mangle -n -v -L</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">Will show you all your firewall rule
details.</font></span></div>
<div><font color="#0000ff" face="Arial" size="2"></font> </div>
<div align="left"><font face="Arial" size="2">Peter McGill</font></div>
<div> </div><br>
<blockquote style="border-left: 2px solid rgb(0, 0, 255); padding-left: 5px; margin-left: 5px; margin-right: 0px;">
<div dir="ltr" align="left" lang="en-us">
<hr>
<font face="Tahoma" size="2"><b>From:</b> <a href="mailto:users-bounces@openswan.org" target="_blank">users-bounces@openswan.org</a>
[mailto:<a href="mailto:users-bounces@openswan.org" target="_blank">users-bounces@openswan.org</a>] <b>On Behalf Of </b>Jai
Rangi<br><b>Sent:</b> October 2, 2007 2:56 AM<br><b>To:</b>
<a href="mailto:users@openswan.org" target="_blank">users@openswan.org</a><br><b>Subject:</b> [Openswan Users] Firewall, Routing and
Tunneling between public networks<br></font><br></div><div><span class="q" id="q_11560e921ce94bc4_1">
<div></div>Hello List,<br>I am trying to set up a Linux server as a
router/firewall and set up SIP tunneling between two public networks. <br>My
diagram will be something like this:<br>Internet <-----> Linux Router
<--------------> My Internal Network with Public IPs. <br>Say my network
IPs are <a href="http://216.209.14.192/26" target="_blank">216.209.14.192/26</a>. <br>I tried
this setup.<br><br>Internet <----> <a href="http://216.209.14.197" target="_blank">216.209.14.197</a> (ExtIP <- Default Gateway
<a href="http://216.209.14.193" target="_blank">216.209.14.193</a> Router -> Internal IP)
<a href="http://216.209.14.198" target="_blank">216.209.14.198</a> <------> My Servers
connected through a switch with IPs 216.209.14.199-254 with Default Gateway <a href="http://216.209.14.198" target="_blank">216.209.14.198</a>. <br>This setup did not work.
<br><br>If I do this:<br>Internet <----> <a href="http://216.209.14.197" target="_blank">216.209.14.197</a> (ExtIP <- Default Gateway
<a href="http://216.209.14.193" target="_blank">216.209.14.193</a> Router -> Internal IP)
<a href="http://192.168.1.1" target="_blank">192.168.1.1</a> <------> My Servers
connected through a switch with IPs 192.168.1.199-254 with Default Gateway <a href="http://192.168.1.1" target="_blank">192.168.1.1</a>.<br><br>I can go out through IP
forwarding like this... <br>iptables -P FORWARD DROP<br>iptables -A FORWARD -s
${HUB_LAN} -j ACCEPT<br>iptables -A FORWARD -d ${HUB_LAN} -j ACCEPT
<br><br>These rules do not work with public IPs. <br><br>My other questions
are:<br>1. Can I use racoon for SIP tunneling? Is there any limit on the number of
sessions? I bought a Juniper router and found out that the router supports only 16
channels. I need to support at least 400 SIP channels. <br>2. I have seen a
lot of documentation on setting up masquerading and IP forwarding. I made it
work, but that does not solve my purpose. I need to assign public IPs to my
machines behind the router so that the outside world can access those machines
through the router directly. <br>3. I need to have tunneling with one service
provider for network <a href="http://56.211.34.23/27" target="_blank">56.211.34.23/27</a>. For the
rest of the world I want the traffic to go through the router without any
modification. I might want to add some firewall rules later for some specific
ports. <br><br>I would appreciate it if someone can give me some lead on how I can
achieve this. <br><br>Thank you,<br>JP<br></span></div></blockquote></div>
</blockquote></div><br>
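<p>The following is an added example, not code from the thread or from the Openswan project. It turns Peter's two diagnostics into checks that can be run against <code>iptables -S</code> output, and prints a FORWARD rule set for routing Jai's public /26 with no NAT. The subnet is the one from Jai's post; the interface names <code>eth0</code>/<code>eth1</code>, the use of <code>-m conntrack --ctstate</code>, and the two sample rule listings are assumptions and constructed data so the script runs offline without root.</p>

```shell
#!/bin/sh
# Added example, not from the thread or from Openswan: emits a no-NAT FORWARD
# rule set for a routed public subnet and runs the two checks Peter suggests
# against constructed `iptables -S` output, so it runs offline without root.
# The subnet is Jai's; the interface names are assumptions.
PUBLIC_NET="216.209.14.192/26"
WAN_IF="eth0"   # assumed: side facing the default gateway 216.209.14.193
LAN_IF="eth1"   # assumed: side facing the switch with the .199-.254 hosts

# Rules for plain routing of a public subnet: no MASQUERADE/SNAT/DNAT, and the
# ACCEPTs are bound to interfaces so packets with spoofed sources are not
# forwarded. Printed rather than executed so they can be reviewed first.
forward_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $PUBLIC_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $PUBLIC_NET -j ACCEPT
EOF
}

# Check 1: address-rewriting targets in the nat table. Reads `iptables -t nat -S`
# output on stdin and prints every rule that would rewrite the public addresses.
nat_rewrite_rules() {
    while IFS= read -r line; do
        case "$line" in
            *" -j MASQUERADE"*|*" -j SNAT"*|*" -j DNAT"*) printf '%s\n' "$line" ;;
        esac
    done
}

# Check 2: rules appended with -A land at the end of the chain, so an earlier
# DROP/REJECT can shadow them. Reads `iptables -S FORWARD` output on stdin and
# prints each DROP/REJECT rule that precedes the first rule naming $PUBLIC_NET.
# These are candidates to review, not proof that they match the traffic.
shadowing_rules() {
    while IFS= read -r line; do
        case "$line" in
            -P*) ;;                                   # chain policy, not a rule
            *"$PUBLIC_NET"*) break ;;                 # reached our own ACCEPT
            *" -j DROP"*|*" -j REJECT"*) printf '%s\n' "$line" ;;
        esac
    done
}

# Constructed sample output (not captured from a real host), shaped like
# `iptables -S FORWARD` and `iptables -t nat -S` on a router with both problems.
SAMPLE_FORWARD='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -j DROP
-A FORWARD -s 216.209.14.192/26 -j ACCEPT
-A FORWARD -d 216.209.14.192/26 -j ACCEPT'

SAMPLE_NAT='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

# Stand-alone run: the rule set, then both checks on the samples.
forward_rules
printf '\nnat rules that rewrite addresses (expect none on a routed subnet):\n'
printf '%s\n' "$SAMPLE_NAT" | nat_rewrite_rules
printf '\nFORWARD rules that may shadow the %s ACCEPTs:\n' "$PUBLIC_NET"
printf '%s\n' "$SAMPLE_FORWARD" | shadowing_rules
```

<p>On a live router the same functions take real listings, for example <code>iptables -S FORWARD | shadowing_rules</code> and <code>iptables -t nat -S | nat_rewrite_rules</code>; in the sample the blanket <code>-i eth0 -j DROP</code> sits ahead of the <code>-d 216.209.14.192/26</code> ACCEPT, which is exactly the ordering problem Peter asks about, and the POSTROUTING MASQUERADE would rewrite the servers' public source addresses on the way out.</p>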