<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
<br>
How about iptables -t nat -L? Do you have an ACCEPT rule for the net
before the MASQ/SNAT rule?<br>
<br>
Best regards,<br>
Marcus<br>
<br>
2011-04-13 10:27, Thomas Schweikle skrev:
<blockquote cite="mid:4DA55E57.4020603@vr-web.de" type="cite">
<pre wrap="">Am 12.04.2011 23:58, schrieb Willie Gillespie:
</pre>
<blockquote type="cite">
<pre wrap="">At this point, let's check two things then:
First: cat /proc/sys/net/ipv4/ip_forward
It should be 1... and probably is.
</pre>
</blockquote>
<pre wrap="">
# cat /proc/sys/net/ipv4/ip_forward
1
</pre>
<blockquote type="cite">
<pre wrap="">Second: iptables -L
</pre>
</blockquote>
<pre wrap=""># iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I've listed only one machine, because the other one is identical
(and not reachable at the moment).
This was one point I checked again and again. But without success.
At no point in time this had changed:
- no firewall rules, firewall inactive
- forwarding active
But:
- connection between the two gateways
- no connection between the two networks
- no connection between gateway and the remote network
entering additional routes for single hosts, or network did not help
either. I could never make the whole thing route incoming packets to
the default router or any host except the gateway himself.
</pre>
<blockquote type="cite">
<pre wrap="">-----Original Message-----
From: "Thomas Schweikle" <a class="moz-txt-link-rfc2396E" href="mailto:tps@vr-web.de"><tps@vr-web.de></a>
Sent: Tuesday, April 12, 2011 3:01pm
To: <a class="moz-txt-link-abbreviated" href="mailto:users@lists.openswan.org">users@lists.openswan.org</a>
Subject: Re: [Openswan Users] IPsec-Setup
That is what I've read. Adding (left|right)sourceip= again made the
connection gateway/gateway work, but not any of the other hosts are
reachable. I could connect two hosts, but not two networks.
Removing the gateway/network network/gateway and gateway/gateway
configs doesn't change anything: I can ping from gateway to gateway,
but not from network to gateway or network to network.
</pre>
</blockquote>
<pre wrap="">
</pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
<a class="moz-txt-link-abbreviated" href="mailto:Users@openswan.org">Users@openswan.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a class="moz-txt-link-freetext" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a class="moz-txt-link-freetext" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
<br>
</body>
</html>