[Openswan Users] Openswan<->Freeswan FTP Packet lost
Ted Kaczmarek
tedkaz at optonline.net
Mon Jan 3 07:31:27 CET 2005
On Fri, 2004-12-31 at 18:29 +0100, Peter Gerland wrote:
> Hello,
>
> i have set up an roadwarrior from openswan (fedora core 3, Kernel
> 2.6.9-1.667) to an older static freeswan (the freeswan side has
> 25 very well working roadwarrior-clients with net-to-net connections)
>
> I can ping from net to net, i can telnet, smtp works, but
> ftp lost packets.
>
> The mystery is, from all Linux-Clients at the Freeswan-Side i can FTP
> to an SCO-Openserver on the Openswan side, but not from an SCO-Openserver
> on the Freeswan-Side to the SCO-Openserver on the Openswan-Side.
>
> >From the SCO-Openserver on the Openswan-Side, I can FTP-Login to the
> SCO on the Freeswan side, and then the transfer stop.
>
> Here is my ip-up Script on the Openswan-roadwarrior:
>
> 192.168.30 is the Openswan-Net
> 192.168.18 is the Freeswan-Net
> 192.168.30.200 is the Openswan-Roadwarrior internal network address
> ---------ip-up--
> /sbin/iptables -P FORWARD ACCEPT
> /sbin/iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j REJECT
> /sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.30.0/24 \
> -d ! 192.168.18.0/24 -j MASQUERADE
> /sbin/iptables -t mangle -I INPUT -p esp -j MARK --set-mark 50
> /sbin/iptables -I FORWARD -i ppp0 -o eth0 -d 192.168.30.0/24 -m state \
> --state NEW,ESTABLISHED -m mark --mark 50 -j ACCEPT
>
> /sbin/iptables -I INPUT -i ppp0 -d 192.168.30.200/32 -m state \
> --state NEW,ESTABLISHED -m mark --mark 50 -j ACCEPT
>
> -------------
>
>
>
> TX for any help!
>
> Peter
Use tcpdump to isolate the problem.
Ted
More information about the Users
mailing list