[Openswan Users] IPSec and iptables not work
Cristian Bullokles
cristian.bullokles at scio-sa.com
Wed Feb 9 14:47:49 CET 2005
Hi people
I'm using Openswan IPsec on Linux servers that are firewall/gateway to
small local networks.
My network is:
LAN (192.168.1.0) ----> VPNGW1/FIREWALL (internal: 192.168.1.1, external: myPublicIP) ----> INTERNET ----> VPNGW2 (extPublicIP) ----> HOST (publicDest)
And my configuration is this:
conn vnpwg1-vpngw2
        auth=esp
        authby=secret
        auto=add
        esp=3des-sha1,3des-sha1
        ike=3des-sha1,3des-sha1
        keyexchange=ike
        keyingtries=5
        left=myPublicIP
        leftsubnet=192.168.1.0/24
        pfs=yes
        right=extPublicIP
        rightsubnet=publicDest/32
If I use this configuration, from any machine on my LAN I can't ping
publicDest. My firewall is set to allow all traffic and NAT traffic
from my LAN, like this:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -j LOG --log-level DEBUG --log-prefix "INPUT:"
iptables -A OUTPUT -j LOG --log-level DEBUG --log-prefix "OUTPUT:"
iptables -A FORWARD -j LOG --log-level DEBUG --log-prefix "FORWARD:"
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source myPublicIP
But pinging publicDest from my private LAN does not work, any idea?
Best regards.
Cristian