[Openswan Users] Openswan<->Freeswan FTP Packet lost
Peter Gerland
peter at peges.de
Fri Dec 31 18:29:47 CET 2004
Hello,
I have set up a roadwarrior from Openswan (Fedora Core 3, kernel
2.6.9-1.667) to an older static Freeswan (the Freeswan side has
25 very well working roadwarrior clients with net-to-net connections).
I can ping from net to net, I can telnet, SMTP works, but
FTP loses packets.
The mystery is: from all Linux clients on the Freeswan side I can FTP
to an SCO OpenServer on the Openswan side, but not from an SCO OpenServer
on the Freeswan side to the SCO OpenServer on the Openswan side.
From the SCO OpenServer on the Openswan side, I can FTP-login to the
SCO on the Freeswan side, and then the transfer stops.
Here is my ip-up script on the Openswan roadwarrior:
192.168.30 is the Openswan-Net
192.168.18 is the Freeswan-Net
192.168.30.200 is the Openswan-Roadwarrior internal network address
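---------ip-up--
# Default policy for forwarded traffic: accept
/sbin/iptables -P FORWARD ACCEPT
# Reject NEW and INVALID packets forwarded in from ppp0
/sbin/iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j REJECT
# Masquerade Openswan-net traffic leaving via ppp0, except towards the Freeswan net
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.30.0/24 \
    -d ! 192.168.18.0/24 -j MASQUERADE
# Mark incoming ESP packets with mark 50
/sbin/iptables -t mangle -I INPUT -p esp -j MARK --set-mark 50
# Accept marked NEW/ESTABLISHED packets from ppp0 forwarded to the Openswan net on eth0
/sbin/iptables -I FORWARD -i ppp0 -o eth0 -d 192.168.30.0/24 -m state \
    --state NEW,ESTABLISHED -m mark --mark 50 -j ACCEPT
# Accept marked NEW/ESTABLISHED packets from ppp0 addressed to the roadwarrior itself
/sbin/iptables -I INPUT -i ppp0 -d 192.168.30.200/32 -m state \
    --state NEW,ESTABLISHED -m mark --mark 50 -j ACCEPT
-------------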
TX for any help!
Peter