<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16525" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=538273414-04102007><FONT face=Arial
color=#0000ff size=2>Ok, so if all your internal communication with your various
subnets is working and the only thing lacking is internet
communication.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=538273414-04102007><FONT face=Arial
color=#0000ff size=2>It may be your ISP router. Since your subdividing the
subnet given by your ISP, all traffic should get to your ISP router, no problem
there.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=538273414-04102007><FONT face=Arial
color=#0000ff size=2>But your ISP router might not be forwarding to your
internal subnet gateways correctly thinking you have just one large subnet that
they've assigned you.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=538273414-04102007><FONT face=Arial
color=#0000ff size=2>I suggest either telling your ISP about your subletting
scheme with gateways so they can correctly forward inbound traffic to your
subnet gateways,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=538273414-04102007><FONT face=Arial
color=#0000ff size=2>or else ask them to forward all traffic to a
single machine that you control that is directly connected to the ISP
router.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=538273414-04102007><FONT face=Arial
color=#0000ff size=2>Then setup the routing on that machine to forward all your
internal traffic correctly. The first option results in less router hops/network
delay, but</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=538273414-04102007><FONT face=Arial
color=#0000ff size=2>the second option allows you to more easily reconfigure
your internal subnets without contacting your ISP.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Jai Rangi [mailto:jprangi@gmail.com]
<BR><B>Sent:</B> October 4, 2007 1:08 AM<BR><B>To:</B>
petermcgill@goco.net<BR><B>Cc:</B> users@openswan.org<BR><B>Subject:</B> Re:
[Openswan Users] Firewall,Routing and Tunneling between public
networks<BR></FONT><BR></DIV>
<DIV></DIV>Peter, <BR>Thank you for looking in this. <BR>
<DIV dir=ltr align=left><SPAN style="COLOR: rgb(0,0,0)"><FONT face=Arial
size=2>I restarted my machine and now I am able to ping from <A
href="http://216.209.3.192/27">216.209.3.192/27</A> network, if I define the
routing table. In another server <A
href="http://216.209.3.201">216.209.3.201</A>, I add the rule in the routing
table. <BR><SPAN style="FONT-WEIGHT: bold"><A
href="http://206.216.3.224">206.216.3.224</A> </SPAN></FONT><FONT
style="FONT-WEIGHT: bold" face=Arial size=2>206.216.3</FONT><FONT face=Arial
size=2><SPAN style="FONT-WEIGHT: bold">.212 <A
href="http://255.255.255.240">255.255.255.240 </A>UG
0 0 0
eth0</SPAN><BR></FONT><FONT face=Arial size=2>206.216.3</FONT><FONT face=Arial
size=2>.192
*
<A href="http://255.255.255.192">255.255.255.192</A> U
0 0 0
eth0 <BR><A href="http://192.168.2.0">192.168.2.0</A>
*
<A href="http://255.255.255.0">255.255.255.0</A>
U 0
0 0 eth1<BR><A
href="http://192.168.1.0">192.168.1.0</A>
*
<A href="http://255.255.255.0">255.255.255.0</A>
U 0
0 0 eth1<BR><A
href="http://169.254.0.0">169.254.0.0</A>
*
<A href="http://255.255.0.0">255.255.0.0</A>
U 0
0 0
eth1<BR>default </FONT><FONT
face=Arial size=2>206.216.3</FONT><FONT face=Arial size=2>.193 <A
href="http://0.0.0.0">0.0.0.0</A>
UG 0
0 0 eth0<BR><BR>I can ping <A
href="http://216.209.3.235">216.209.3.235</A> from <A
href="http://216.209.2.201">216.209.2.201</A> and vise versa<BR><BR><SPAN
style="COLOR: rgb(0,0,0)">Internet router <--->
(</SPAN></FONT><FONT style="COLOR: rgb(0,0,0)" face=Arial size=2><A
href="http://206.216.3.192/26"> 206.216.3.192/26</A> network and router is one
of them </FONT><FONT style="COLOR: rgb(0,0,0)" face=Arial
size=2>206.216.3</FONT><FONT style="COLOR: rgb(0,0,0)" face=Arial
size=2>.212) </FONT><FONT style="COLOR: rgb(0,0,0)" face=Arial size=2><A
href="http://206.216.3.224/28">206.216.3.224/28</A> is behind the router.
<BR>So this works. <BR></FONT><FONT style="COLOR: rgb(0,0,0)" face=Arial
size=2><A href="http://206.216.3.201">206.216.3.201</A> ---- router
</FONT><FONT style="COLOR: rgb(0,0,0)" face=Arial size=2>206.216.3212 (eth0)
</FONT><FONT style="COLOR: rgb(0,0,0)" face=Arial size=2>206.216.3.225(eth1)
----- </FONT><FONT style="COLOR: rgb(0,0,0)" face=Arial
size=2>206.216.3.224.235 with gateway <A
href="http://216.209.3.225">216.209.3.225</A></FONT></SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)"><FONT face=Arial
size=2><BR>But when I try ping something on internet from
</FONT></SPAN><SPAN><FONT face=Arial color=#0000ff size=2><SPAN
style="COLOR: rgb(0,0,0)"><A href="http://206.216.3.235">206.216.3.235</A>.
Seems the traffic goes out but does not find the way to come back. This is
what I get from tcpdump on my router.. </SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">[root@bser2
sysconfig]# tcpdump | grep "235\|158"</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">tcpdump: verbose
output suppressed, use -v or -vv for full protocol decode </SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">listening on eth0,
link-type EN10MB (Ethernet), capture size 96 bytes</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04: 01.092356 IP
ip68-4-78-109.oc.oc.cox.net.apollo-gms > bser2.bingotelecom.com.24646: P
1197:1249(52) ack 436 win 64499</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)">22:04:03.105456 IP <A
href="http://216.209.3.235">216.209.3.235</A> > <A
href="http://f1.www.vip.sp1.yahoo.com">f1.www.vip.sp1.yahoo.com</A>: ICMP echo
request, id 512, seq 23041, length 40</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04: 03.105939 IP
bser2.bingotelecom.com.filenet-pa > ns1.yahoo.com.domain: 43789 [1au]
PTR? 158.36.131.209.in-addr.arpa. (56)</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04:03.117544 arp
who-has <A href="http://216.209.3.235">216.209.3.235</A> tell <A
href="http://216.209.3.194">216.209.3.194</A></SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04:03.158959 IP
ip68-4-78-109.oc.oc.cox.net.apollo-gms > bser2.bingotelecom.com.24646: P
3225:3277(52) ack 804 win 65535</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)">22:04:03.158972 IP bser2.bingotelecom.com.24646 >
ip68-4-78-109.oc.oc.cox.net.apollo-gms : . ack 3277 win 12168</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04:04.101588 IP
bser2.bingotelecom.com.24646 > ip68-4-78-109.oc.oc.cox.net.apollo-gms: .
ack 3745 win 12168</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)">22:04:04.542637 IP bser2.bingotelecom.com.filenet-pa
> dill.arin.net.domain: 1587 [1au] PTR? 16.255.142.68.in-addr.arpa.
(55)</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)">22:04:04.556305 IP dill.arin.net.domain >
bser2.bingotelecom.com.filenet-pa: 1587- 0/5/1 (154)</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04:08.472526 IP
<A href="http://216.209.3.235">216.209.3.235</A> > <A
href="http://f1.www.vip.sp1.yahoo.com">f1.www.vip.sp1.yahoo.com</A>: ICMP echo
request, id 512, seq 23297, length 40</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04: 08.483996 arp
who-has <A href="http://216.209.3.235">216.209.3.235</A> tell <A
href="http://216.209.3.194">216.209.3.194</A></SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04:13.480338 IP
<A href="http://216.209.3.235">216.209.3.235</A> > <A
href="http://f1.www.vip.sp1.yahoo.com">f1.www.vip.sp1.yahoo.com</A>: ICMP echo
request, id 512, seq 23553, length 40</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04: 13.492228 arp
who-has <A href="http://216.209.3.235">216.209.3.235</A> tell <A
href="http://216.209.3.194">216.209.3.194</A></SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04:15.475158 IP
bser2.bingotelecom.com.24646 > ip68-4-78-109.oc.oc.cox.net.apollo-gms: .
ack 7801 win 12168</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)">22:04:18.488138 IP <A
href="http://216.209.3.235">216.209.3.235</A> > <A
href="http://f1.www.vip.sp1.yahoo.com">f1.www.vip.sp1.yahoo.com</A>: ICMP echo
request, id 512, seq 23809, length 40</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">22:04:18.499693 arp
who-has <A href="http://216.209.3.235">216.209.3.235 </A>tell <A
href="http://216.209.3.194">216.209.3.194</A></SPAN><BR><BR></FONT></SPAN><SPAN><FONT
face=Arial color=#0000ff size=2><BR>Is your windows firewall enabled or
configured to allow the traffic you want to allow?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Windows
firewall has a pretty strict default configuration on XP SP2 and up.<BR><SPAN
style="COLOR: rgb(0,0,0)">My Windows firewall is open and I can ping that from
my router. </SPAN><BR></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Is
forwarding enabled in your kernel?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>cat
/proc/sys/net/ipv4/ip_forward</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>echo "1"
> /proc/sys/net/ipv4/ip_forward</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN></SPAN>Yes<BR><BR></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Does your
internet router <A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.193/" target=_blank>216.209.3.193 </A>know to forward
traffic for <A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.224/28" target=_blank>216.209.3.224/28</A> to <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.212/" target=_blank>216.209.3.212</A> (ie. use .212
as gateway/route for .224/28)?<BR><SPAN
style="COLOR: rgb(0,0,0); BACKGROUND-COLOR: rgb(255,255,255)">OK, This might
be the case, cause </SPAN></FONT></SPAN><SPAN><FONT face=Arial color=#0000ff
size=2><A style="COLOR: rgb(0,0,0); BACKGROUND-COLOR: rgb(255,255,255)"
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.193/" target=_blank>216.209.3.19</A><SPAN
style="COLOR: rgb(0,0,0); BACKGROUND-COLOR: rgb(255,255,255)">3 is managed by
my internet service provider. They have given me a cable that goes in one of
my switch. My network from ISP is <A
href="http://216.209.3.192/26">216.209.3.192/26</A>, which I was sub dividing
to build my Linux router. </SPAN><BR
style="COLOR: rgb(0,0,0); BACKGROUND-COLOR: rgb(255,255,255)"><SPAN
style="COLOR: rgb(0,0,0); BACKGROUND-COLOR: rgb(255,255,255)"><A
href="http://216.209.3.192/27">216.209.3.192/27</A> outside of router and <A
href="http://219.209.3.224/28">219.209.3.224/28</A> behind the router.
</SPAN><BR
style="COLOR: rgb(0,0,0); BACKGROUND-COLOR: rgb(255,255,255)"></FONT></SPAN><SPAN><FONT
face=Arial color=#0000ff size=2><BR><BR></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Is your
internet router's firewall configured also to allow this traffic through
it?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN></SPAN><BR>Yes, I am getting traffic for my all
other IPs <BR></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Do you
have any iptables mangle or nat rules, you only showed your filter
(default) table?<BR><BR><SPAN style="COLOR: rgb(0,0,0)">No, Mangle and NO
Nat, </SPAN><BR style="COLOR: rgb(0,0,0)"><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)">[root@bser2 ~]# iptables -t mangle -L -n
-v</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">Chain
PREROUTING (policy ACCEPT 1 packets, 92 bytes)</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)"> pkts bytes
target prot opt in
out
source
destination</SPAN><BR style="COLOR: rgb(0,0,0)"><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">Chain INPUT (policy
ACCEPT 0 packets, 0 bytes) </SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)"> pkts bytes target prot
opt in out
source
destination</SPAN><BR style="COLOR: rgb(0,0,0)"><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">Chain FORWARD
(policy ACCEPT 0 packets, 0 bytes)</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)"> pkts bytes target prot
opt in out
source
destination </SPAN><BR style="COLOR: rgb(0,0,0)"><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">Chain OUTPUT (policy
ACCEPT 1 packets, 40 bytes)</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)"> pkts bytes target prot
opt in out
source
destination</SPAN><BR style="COLOR: rgb(0,0,0)"><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">Chain POSTROUTING
(policy ACCEPT 0 packets, 0 bytes) </SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)"> pkts bytes target prot
opt in out
source
destination</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)">[root@bser2 ~]# iptables -t nat -L -n -v</SPAN><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">Chain PREROUTING
(policy ACCEPT 1 packets, 510 bytes)</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)"> pkts bytes target prot
opt in out
source
destination</SPAN><BR style="COLOR: rgb(0,0,0)"><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">Chain POSTROUTING
(policy ACCEPT 0 packets, 0 bytes) </SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)"> pkts bytes target prot
opt in out
source
destination</SPAN><BR style="COLOR: rgb(0,0,0)"><BR
style="COLOR: rgb(0,0,0)"><SPAN style="COLOR: rgb(0,0,0)">Chain OUTPUT (policy
ACCEPT 0 packets, 0 bytes)</SPAN><BR style="COLOR: rgb(0,0,0)"><SPAN
style="COLOR: rgb(0,0,0)"> pkts bytes target prot
opt in out
source
destination </SPAN><BR
style="COLOR: rgb(0,0,0)"><BR></FONT></SPAN></DIV><BR><BR>
<DIV><SPAN class=gmail_quote>On 10/3/07, <B class=gmail_sendername>Peter
McGill</B> <<A onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:petermcgill@goco.net" target=_blank> petermcgill@goco.net</A>
> wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>It
doesn't look like an iptables/firewall issue, since your chains seem to
accept everything it needs to.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2>However you can check your log for dropped packets to be
sure.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>grep
'kernel: IN=' /var/log/*</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>If you
see any packets in there that match packets you want to allow then there is
a misconfiguration.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2>According to your ifconfig and route, you are doing
this:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Public
Internet Interface: eth0</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>IP
Address: <A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.212" target=_blank>216.209.3.212</A></FONT></SPAN>
</DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Network:
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/27"
target=_blank>216.209.3.192/27</A></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN> <FONT face=Arial
color=#0000ff size=2>Netmask: <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://255.255.255.224" target=_blank>255.255.255.224</A></FONT>
</SPAN></DIV>
<DIV dir=ltr align=left><SPAN> <FONT face=Arial
color=#0000ff size=2>IP Address Range:
216.209.3.193-216.209.3.223</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Gateway:
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.193" target=_blank>216.209.3.193</A></FONT></SPAN>
</DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>LAN
Interface: eth1</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>IP
Address: <A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.225" target=_blank>216.209.3.225</A></FONT></SPAN>
</DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Network:
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.224/28"
target=_blank>216.209.3.224/28</A></FONT></SPAN> </DIV><SPAN><FONT size=+0>
<DIV dir=ltr align=left><SPAN><FONT face=Arial><FONT color=#0000ff
size=2> Netmask: <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://255.255.255.240"
target=_blank>255.255.255.240</A></FONT></FONT></SPAN></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff
size=2> IP Address Range:
216.209.3.225-216.209.239</FONT></DIV>
<DIV dir=ltr align=left></DIV></FONT></SPAN><SPAN><SPAN><FONT face=Arial
color=#0000ff size=2>Gateway: <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.225"
target=_blank>216.209.3.225</A></FONT></SPAN></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>This
looks correct also matching your text description and your Windows network
configuration also looks correct.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Is your
windows firewall enabled or configured to allow the traffic you want to
allow?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Windows
firewall has a pretty strict default configuration on XP SP2 and
up.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Is
forwarding enabled in your kernel?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>cat
/proc/sys/net/ipv4/ip_forward</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>echo "1"
> /proc/sys/net/ipv4/ip_forward</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Does
your internet router <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.193" target=_blank>216.209.3.193</A> know to forward
traffic for <A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.224/28" target=_blank>216.209.3.224/28</A> to <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.212" target=_blank>216.209.3.212</A> (ie. use .212
as gateway/route for .224/28)?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Is your
internet router's firewall configured also to allow this traffic through
it?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Do you
have any iptables mangle or nat rules, you only showed your filter
(default) table?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><FONT
face=Arial size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(0,0,255) 2px solid; MARGIN-RIGHT: 0px">
<DIV lang=en-us dir=ltr align=left>
<HR>
<FONT face=Tahoma size=2><B>From:</B> Jai Rangi [mailto:<A
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:jprangi@gmail.com" target=_blank>jprangi@gmail.com</A>]
<BR><B>Sent:</B> October 3, 2007 2:05 AM<BR><B>To:</B> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:petermcgill@goco.net"
target=_blank>petermcgill@goco.net</A><BR><B>Cc:</B> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:users@openswan.org"
target=_blank>users@openswan.org</A><BR><B>Subject:</B> Re: [Openswan
Users] Firewall,Routing and Tunneling between public
networks<BR></FONT><BR></DIV>
<DIV><SPAN>
<DIV></DIV>Hello, <BR><BR>I am running FC5 on my router. I have feeling
the I am missing some thing really simple btu now I am ready to pull my
hairs if I don't get the solution.... At this point my first target
to setup my Linux box as a router and my machines behind the router with
Public IP should be available to the outside world. Below are my
configuration. <BR><BR>[root@bser2 sysconfig]# iptables -L -n -v<BR>Chain
INPUT (policy DROP 0 packets, 0 bytes)<BR> pkts bytes
target prot opt in
out
source
destination<BR> 4 336
ACCEPT icmp --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0" target=_blank>0.0.0.0/0</A><BR>
45 3944 ACCEPT tcp --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26"
target=_blank>216.209.3.192/26</A> tcp
dpts:6000:65535<BR> 0 0
ACCEPT udp --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26"
target=_blank>216.209.3.192/26</A> udp dpts:2048:5799
<BR> 0 0
ACCEPT udp --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26"
target=_blank>216.209.3.192/26</A> udp
dpts:6000:65535<BR> 0 0
ACCEPT udp --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26"
target=_blank>216.209.3.192/26</A> udp
dpt:53<BR> 0 0
ACCEPT udp --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://192.168.2.0/24"
target=_blank>192.168.2.0/24</A> udp
dpt:53<BR> 0 0
ACCEPT tcp --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26" target=_blank>216.209.3.192/26</A>
tcp dpt:53<BR>
0 0 ACCEPT tcp
-- *
* <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://192.168.2.0/24"
target=_blank>192.168.2.0/24</A> tcp
dpt:53<BR> 0 0
ACCEPT tcp --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26"
target=_blank>216.209.3.192/26</A> tcp
dpt:80<BR> 0 0
ACCEPT tcp --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26"
target=_blank>216.209.3.192/26</A> tcp
dpt:443<BR> 0 0
ACCEPT all --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26"
target=_blank>216.209.3.192/26</A> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0" target=_blank>0.0.0.0/0</A><BR>
0 0 ACCEPT all
-- *
* <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26"
target=_blank>216.209.3.192/26</A> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/26"
target=_blank>216.209.3.192/26</A><BR>
0 0 ACCEPT all
-- *
* <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://192.168.2.0/24"
target=_blank>192.168.2.0/24</A> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://192.168.2.0/24"
target=_blank>192.168.2.0/24</A><BR>
0 0 ACCEPT all
-- *
* <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://255.255.255.255" target=_blank>255.255.255.255
</A><BR> 0 0
ACCEPT all --
lo * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0" target=_blank>0.0.0.0/0</A><BR><BR>Chain FORWARD
(policy DROP 0 packets, 0 bytes)<BR> pkts bytes
target prot opt in
out
source
destination <BR> 0 0
ACCEPT all -- eth0
eth1 <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0" target=_blank>0.0.0.0/0</A><BR>
0 0 ACCEPT all
-- eth1 eth0 <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0" target=_blank>0.0.0.0/0</A><BR><BR>Chain OUTPUT
(policy ACCEPT 50 packets, 5644 bytes)<BR> pkts bytes
target prot opt in
out
source
destination<BR><BR>Chain spoof (0 references) <BR> pkts bytes
target prot opt in
out
source
destination<BR> 0 0
LOG all --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0" target=_blank>0.0.0.0/0
</A> limit:
avg 5/min burst 5 LOG flags 0 level 4 prefix `Spoofing:
'<BR> 0 0
DROP all --
* * <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0"
target=_blank>0.0.0.0/0</A>
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0/0" target=_blank>0.0.0.0/0 </A><BR>[root@bser2
sysconfig]#<BR>[root@bser2 sysconfig]# ifconfig
eth0<BR>eth0 Link encap:Ethernet
HWaddr
00:15:C5:EB:68:D0<BR>
inet addr:<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.212" target=_blank>216.209.3.212</A> Bcast:<A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.223" target=_blank> 216.209.3.223</A> Mask:<A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://255.255.255.224"
target=_blank>255.255.255.224</A><BR>
inet6 addr: fe80::215:c5ff:feeb:68d0/64
Scope:Link<BR> UP
BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<BR> RX
packets:23087 errors:0 dropped:0 overruns:0 frame:0
<BR> TX
packets:21531 errors:0 dropped:0 overruns:0
carrier:0<BR>
collisions:0
txqueuelen:1000<BR>
RX bytes:2280064 (2.1 MiB) TX bytes:5351240 (5.1
MiB)<BR>
Interrupt:16 Memory:f4000000-f4011100 <BR><BR>[root@bser2 sysconfig]#
ifconfig eth1<BR>eth1 Link
encap:Ethernet HWaddr
00:15:C5:EB:68:CE<BR>
inet addr:<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.225" target=_blank>216.209.3.225</A> Bcast:<A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.239" target=_blank> 216.209.3.239 </A>
Mask:<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://255.255.255.240"
target=_blank>255.255.255.240</A><BR>
inet6 addr: fe80::215:c5ff:feeb:68ce/64
Scope:Link<BR> UP
BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<BR> RX
packets:6479 errors:0 dropped:0 overruns:0 frame:0
<BR> TX packets:8083
errors:0 dropped:0 overruns:0
carrier:0<BR>
collisions:0
txqueuelen:1000<BR>
RX bytes:3309716 (3.1 MiB) TX bytes:612572 (598.2
KiB)<BR>
Interrupt:16 Memory:f8000000-f8011100 <BR><BR>[root@bser2 sysconfig]#
route<BR>Kernel IP routing table<BR>Destination
Gateway
Genmask Flags Metric
Ref Use Iface<BR><A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.224" target=_blank>216.209.3.224</A> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.225" target=_blank>216.209.3.225</A> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://255.255.255.240" target=_blank>255.255.255.240</A>
UG 0
0 0 eth1<BR><A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192" target=_blank>216.209.3.192</A>
*
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://255.255.255.224" target=_blank>255.255.255.224</A>
U 0
0 0 eth0<BR><A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://169.254.0.0"
target=_blank>169.254.0.0</A>
*
<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://255.255.0.0"
target=_blank>255.255.0.0</A>
U 0
0 0
eth1<BR>default <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.193" target=_blank>216.209.3.193</A> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://0.0.0.0"
target=_blank>0.0.0.0</A>
UG 0
0 0 eth0<BR>[root@bser2
sysconfig]#<BR><BR>I think I am missing something in my routing table.
<BR><BR>So my network are <BR><BR>Internet <----------> ( <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/27" target=_blank>216.209.3.192/27</A>, GW <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.193" target=_blank>216.209.3.193</A> on Eth0 and <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.225" target=_blank>216.209.3.225</A> on eth1)
<-----------> <Network behind the router <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.224/28" target=_blank>216.209.3.224/28</A>
><BR><BR><BR>Inernet configuration for internal machines
are<BR><BR>C:\Documents and Settings\Jai Rangi>ipconfig<BR><BR>Windows
IP Configuration<BR><BR><BR>Ethernet adapter Local Area Connection:
<BR><BR> Connection-specific DNS
Suffix . :<BR> IP Address.
. . . . . . . . . . . : <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.235"
target=_blank>216.209.3.235</A><BR>
Subnet Mask . . . . . . . . . . . : <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://255.255.255.240"
target=_blank>255.255.255.240</A><BR>
Default Gateway . . . . . . . . . : <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.225"
target=_blank>216.209.3.225</A><BR><BR>C:\Documents and Settings\Jai
Rangi><BR><BR>I can ping from internet to <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.192/27" target=_blank>216.209.3.192/27</A> network.
<BR>I can not ping <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.3.225/28" target=_blank>216.209.3.225/28</A> network
from internet which is behind internet. <BR>I can ping internal machine
from router. <BR>I can ping router from internal machine. <BR><BR><BR>I
will appreciate if you can please give me some hint what I am doing wrong
here. <BR><BR>Thank you,<BR>-Jai<BR><BR><BR><BR><BR><BR>
<DIV><SPAN class=gmail_quote>On 10/2/07, <B class=gmail_sendername>Peter
McGill </B><<A onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:petermcgill@goco.net"
target=_blank>petermcgill@goco.net</A>> wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2>First method should work, and work easier because there is no NAT
(Network Address Translation) to worry about.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>No
reason the FORWARD rules wouldn't work on Public IPs, I don't think they
care at all what IP you give.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Make
sure you don't use MASQUERADE, SNAT or DNAT
rules.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>-A
adds the rules to the end of the chain, are there any earlier rules that
might block the public traffic?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2>iptables -t filter -n -v -L</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2>iptables -t nat -n -v -L</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2>iptables -t mangle -n -v -L</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Will
show you all your firewall rule details.</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><FONT
face=Arial size=2></FONT><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(0,0,255) 2px solid; MARGIN-RIGHT: 0px">
<DIV lang=en-us dir=ltr align=left>
<HR>
<FONT face=Tahoma size=2><B>From:</B> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:users-bounces@openswan.org"
target=_blank>users-bounces@openswan.org</A> [mailto:<A
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:users-bounces@openswan.org" target=_blank>
users-bounces@openswan.org</A>] <B>On Behalf Of </B>Jai
Rangi<BR><B>Sent:</B> October 2, 2007 2:56 AM<BR><B>To:</B> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:users@openswan.org"
target=_blank>users@openswan.org</A><BR><B>Subject:</B> [Openswan
Users] Firewall,Routing and Tunneling between public
networks<BR></FONT><BR></DIV>
<DIV><SPAN>
<DIV></DIV>Hello List,<BR>I am trying to set up a linux server as a
router/firewall and set up a SIP tunneling between two public
networks. <BR>My Diagram will be something like this<BR>Internet
<-----> Linux Router <--------------> My Internal Network
with Public IPs. <BR>Say My Network IPs are <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.14.192/26" target=_blank>216.209.14.192/26</A>
<BR>I tried this setup.<BR><BR>Internet <----> <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.14.197" target=_blank>216.209.14.197</A> (ExtIP
<- Default Gateway <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.14.193" target=_blank>216.209.14.193</A> Router
-> Internal IP) <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.14.198" target=_blank>216.209.14.198</A>
<------> My Servers connected through a switch with IPs
216.209.14.199-254 with Default Gateway <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.14.198" target=_blank>216.209.14.198</A>.
<BR>This set up did not work. <BR><BR>If I do this<BR>Internet
<----> <A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.14.197" target=_blank>216.209.14.197</A> (ExtIP
<- Default Gateway <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://216.209.14.193" target=_blank>216.209.14.193</A> Router
-> Internal IP) <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://192.168.1.1" target=_blank>192.168.1.1</A> <------>
My Servers connected through a switch with IPs 192.168.1.199-254 with
Default Gateway <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://192.168.1.1" target=_blank>192.168.1.1</A>.<BR><BR>I can
go out through ip forwarding like this... <BR>iptables -P FORWARD
DROP<BR>iptables -A FORWARD -s ${HUB_LAN} -j ACCEPT<BR>iptables -A
FORWARD -d ${HUB_LAN} -j ACCEPT <BR><BR>These rules does not work with
public IPs. <BR><BR>My Other Questions are<BR>1. Can I use racoon for
SIP tunneling, is there any limit on number of sessions. Bought a
juniper router and found out that the router supports on 16 channels.
I need to support at least 400 SIP channels. <BR>2. I have seen a lot
of documentation of setting up Masquarding and IP Forwarding. I made
it work but that does not solve my purpose. I need to assign Public IP
to the my machines behind the router so that outside world can access
those machines through router directly. <BR>3. I need to have
tunneling with one service provider for network <A
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://56.211.34.23/27" target=_blank>56.211.34.23/27</A>. For
rest of the world I want the traffic to go through the router without
any modification. I might want to add some firewall rules later for
some specific port. <BR><BR>I will appreciate if some one can give me
some lead on how can I achieve this. <BR><BR>Thank
you,<BR>JP<BR></SPAN></DIV></BLOCKQUOTE></DIV></BLOCKQUOTE></DIV><BR></SPAN></DIV></BLOCKQUOTE></BLOCKQUOTE></DIV><BR></BLOCKQUOTE></BODY></HTML>