Hi all,<br>I need some help setting up NAT on an Openswan VPN tunnel.<br>Here is the network topology:<br><br>subnet Openswan Gateway/Firewall<br><i>10.1.70.0 ----10.1.70.20-----10.1.70.1<br> 81.255.123.xxx----------------------62.134.128.xxx---172.20.1.0/24</i><br>
<br>The virtual subnet on our side is <i>192.168.130.0/24.</i><br>So we need to translate 192.168.130.0 into 10.1.70.0.<br>Openswan is the DMZ. I managed to get the SA established but I cannot ping any IP on the other side of the tunnel.<br>
<br>starting the channel<br>
<i>ipsec auto --up test<br>
117 "hero" #3: STATE_QUICK_I1: initiate<br>
004 "hero" #3: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP/NAT=>0xab57a38f <0x4630949b xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}<br>
</i><br>
<br>
<i><u>/var/log/auth.log</u><br>
May 11 14:46:15 bruno pluto[32078]: | 192.168.130.0/24===10.1.70.20[81.255.123.xxx]...62.134.128.xxx===172.20.1.0/24<br>
May 11 14:46:15 bruno pluto[32078]: | ike_life: 86400s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+PFS<br>
May 11 14:46:15 bruno pluto[32078]: | next event EVENT_PENDING_PHASE2 in 119 seconds<br>
(....)<br>
May 11 14:46:24 bruno pluto[32078]: | inserting event EVENT_SA_REPLACE, timeout in 28213 seconds for #2<br>
May 11 14:46:24 bruno pluto[32078]: "hero" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP/NAT=>0x29f6e927 <0xdd14ef5e xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}<br>
</i><br><br>ipsec verify<br><br><i>Version check and ipsec on-path [OK]<br>Linux Openswan U2.4.12/K2.6.27-11-generic (netkey)<br>Checking for IPsec support in kernel [OK]<br>
NETKEY detected, testing for disabled ICMP send_redirects [OK]<br>NETKEY detected, testing for disabled ICMP accept_redirects [OK]<br>Checking for RSA private key (/etc/ipsec.secrets) [DISABLED]<br>
ipsec showhostkey: no default key in "/etc/ipsec.secrets"<br>Checking that pluto is running [OK]<br>Two or more interfaces found, checking IP forwarding [OK]<br>Checking NAT and MASQUERADEing <br>
Checking for 'ip' command [OK]<br>Checking for 'iptables' command [OK]<br>Opportunistic Encryption Support [DISABLED]<br>
</i><br>I suspect routing misconfiguration:<br><br><i><u>/etc/ipsec.conf</u><br>config setup<br> interfaces=%defaultroute<br> plutodebug = "all"<br> klipsdebug = "all"<br> nat_traversal=yes<br>
-> virtual_private=%v4:10.0.0.0/8,%v4:192.168.130.0/16 <-<br></i># I could not find any documentation on this line<i><br><br clear="all">conn test<br> type=tunnel<br>
authby=secret<br> ike=3des-sha1-modp1024<br> esp=3des-sha1<br> pfsgroup=modp1024<br> keyexchange=ike<br> pfs=yes<br> ikelifetime=86400s<br> rekey=yes<br> compress=no<br>
aggrmode=no<br> forceencaps=yes<br> left=10.1.70.20<br> leftsourceip=10.1.70.20<br> leftid=81.255.123.xxx<br> leftsubnet=192.168.130.0/24<br>
right=62.134.128.xxx<br> rightsubnet=172.20.1.0/24<br> auto=start<br></i><br>ipsec eroute<br>
<i>/usr/lib/ipsec/eroute: NETKEY does not support eroute table.</i><br>
<br>
<br><u>/var/run/ipsec.log</u><br><i>defaultroutephys=eth0<br>defaultroutevirt=ipsec0<br>defaultrouteaddr=10.1.70.20<br>defaultroutenexthop=10.1.70.1<br></i><br><br>below the routing table<br><br><i>iptables -L<br>Chain INPUT (policy ACCEPT)<br>
target prot opt source destination <br><br>Chain FORWARD (policy ACCEPT)<br>target prot opt source destination <br>ACCEPT udp -- anywhere bruno-laptop-cadexpert.local udp dpt:isakmp <br>
ACCEPT ah -- anywhere bruno-laptop-cadexpert.local <br>ACCEPT esp -- anywhere bruno-laptop-cadexpert.local <br>ACCEPT all -- anywhere bruno-laptop-cadexpert.local <br>
<br>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination <br></i><br>and the active connections<br><br><u>netstat -nvl</u><br><i>Active Internet connections (only servers)<br>Proto Recv-Q Send-Q Local Address Foreign Address State <br>
tcp 0 0 127.0.0.1:7634 0.0.0.0:* LISTEN <br>
tcp 0 0 10.1.70.20:22 0.0.0.0:* LISTEN <br>
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN <br>
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN <br>
udp 0 0 127.0.0.1:4500 0.0.0.0:* <br>
udp 0 0 10.1.70.20:4500 0.0.0.0:* <br>
udp 0 0 192.168.53.1:4500 0.0.0.0:* <br>
udp 0 0 172.16.99.1:4500 0.0.0.0:* <br>
udp 0 0 0.0.0.0:44624 0.0.0.0:* <br>
udp 0 0 0.0.0.0:5353 0.0.0.0:* <br>
udp 0 0 127.0.0.1:500 0.0.0.0:* <br>
udp 0 0 10.1.70.20:500 0.0.0.0:* <br>
udp 0 0 192.168.53.1:500 0.0.0.0:* <br>
udp 0 0 172.16.99.1:500 0.0.0.0:* <br>
raw 0 0 0.0.0.0:1 0.0.0.0:* 7 <br><br></i>ipsec setup start<br><br><i><u>/var/log/syslog</u><br>kernel: [318747.829461] Initializing XFRM netlink socket<br>
-> May 11 14:06:28 NETKEY on eth0 10.1.70.20/255.255.254.0 broadcast 192.168.0.255<br>May 11 14:06:28 ipsec_setup: ...Openswan IPsec started<br>May 11 14:06:28 ipsec_setup: Starting Openswan IPsec 2.4.12..<br>
</i><br>broadcast seems to be wrong (192.168.<u>0</u>.255)?<br>Any help would be very much appreciated<br>Regards,<br>Bruno<br><br><br>(sysctl -a | grep ipv4)<br>
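An added example, not part of the original post: a selector check for the tunnel described above. It parses the connection line pluto logged, tests whether a packet's addresses fall inside the negotiated selectors, and computes the 1:1 (NETMAP-style) translation of a real LAN host into 192.168.130.0/24. The host addresses 10.1.70.35 and 172.20.1.10, the /24 mask on the real LAN and all function names are assumptions.

```python
import ipaddress
import re

# Connection description as logged by pluto in the post. The gateway octets
# are masked with "xxx" there, so only the two subnets are parsed as addresses.
PLUTO_LINE = ("192.168.130.0/24===10.1.70.20[81.255.123.xxx]"
              "...62.134.128.xxx===172.20.1.0/24")


def parse_selectors(line):
    """Return (local_subnet, remote_subnet) from 'A===gw...gw===B'."""
    m = re.fullmatch(r"\s*(\S+?)===.+\.\.\..+===(\S+)\s*", line)
    if not m:
        raise ValueError("not a pluto connection description: %r" % line)
    return ipaddress.ip_network(m.group(1)), ipaddress.ip_network(m.group(2))


def matches_policy(src, dst, local_net, remote_net):
    """True if an outbound packet src->dst is covered by the tunnel selectors."""
    return (ipaddress.ip_address(src) in local_net
            and ipaddress.ip_address(dst) in remote_net)


def netmap(addr, real_net, virtual_net):
    """1:1 prefix translation: keep the host bits, swap the network bits."""
    if real_net.prefixlen != virtual_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in real_net:
        raise ValueError("%s is outside %s" % (ip, real_net))
    host_bits = int(ip) & int(real_net.hostmask)
    return ipaddress.ip_address(int(virtual_net.network_address) | host_bits)


def diagnose(src, dst, real_net, line=PLUTO_LINE):
    """Return (matches untranslated, translated source, matches translated)."""
    local_net, remote_net = parse_selectors(line)
    real_net = ipaddress.ip_network(real_net)
    before = matches_policy(src, dst, local_net, remote_net)
    translated = netmap(src, real_net, local_net)
    after = matches_policy(translated, dst, local_net, remote_net)
    return before, str(translated), after


if __name__ == "__main__":
    # Constructed sample: a host on the real LAN reaching a host behind the peer.
    print(diagnose("10.1.70.35", "172.20.1.10", "10.1.70.0/24"))
```

The syslog line in the post shows eth0 with netmask 255.255.254.0; a /23 real LAN cannot be mapped 1:1 onto the /24 virtual subnet, and `netmap` rejects that case.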