<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16544" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi there,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I've removed all iptables rules that were
marking ipsec traffic and also the table and rules for router3 from my
advanced routing. Added the iptables rule as Peter suggested, excluding
189.2.x.y and it _seems_ to be working. I'll monitor it closely to see if the
problem won't happen again, since this setup is a master at suddenly stopping
for no reason.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Peter, thanks for your input. I think it might
have solved the problem. So simple, huh? Sometimes all we need is a fresh pair of
eyes...</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Thanks,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>Giovani Moda<BR>----- Original Message ----- </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=petermcgill@goco.net href="mailto:petermcgill@goco.net">Peter
McGill</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=giovani@mrinformatica.com.br
href="mailto:giovani@mrinformatica.com.br">'Giovani Moda - MR Informática'</A>
; <A title=users@openswan.org
href="mailto:users@openswan.org">users@openswan.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, October 23, 2007 5:30
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> RE: [Openswan Users]
openswan,alias interface and advanced routing (very long)</DIV>
<DIV><FONT face=Arial size=2></FONT><BR></DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2>If I've understood your post correctly you have a public
eth0 interface with a 189.2.x.x IP,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2>and a virtual eth0:0 with a different (similar) IP,
which I'll call 189.2.v.v.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2>Your IPSec traffic using eth0:0 is incorrectly being
NATed to 189.2.x.x by your SNAT rule?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2>(Note: if you have more than one IP in 189.2.x.x range
then don't mask both as .x.x!</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2>It's confusing as hell and impossible to determine which
routes go where...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2>If you hide your IPs at least uniquely identify
each.)</FONT></SPAN></DIV></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2>If that's the case then try this
change:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2>$IPTABLES -t nat -A POSTROUTING -o eth0 -s !
189.2.v.v -j SNAT --to-source 189.2.x.x</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=717591819-23102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter
McGill</FONT></DIV></BLOCKQUOTE></BODY></HTML>