[Openswan Users] no l2tp traffic with NATed client
Neil Ballantyne
Neil at liquide.uk.com
Wed Jun 8 20:53:40 CEST 2005
# cat /proc/sys/net/ipv4/conf/all/rp_filter
1
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:05:5D:7D:20:A4
          inet addr:xxx.xxx.xxx.118  Bcast:xxx.xxx.xxx.119  Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4893730 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4616053 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1571449947 (1.4 GiB)  TX bytes:1296615961 (1.2 GiB)
          Interrupt:19 Base address:0xdc80

eth1      Link encap:Ethernet  HWaddr 00:05:5D:7D:20:A5
          inet addr:yyy.yyy.1.250  Bcast:yyy.yyy.1.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9625821 errors:0 dropped:237 overruns:0 frame:0
          TX packets:11478671 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1583891271 (1.4 GiB)  TX bytes:2055686988 (1.9 GiB)
          Interrupt:20 Base address:0xdc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:182417 errors:0 dropped:0 overruns:0 frame:0
          TX packets:182417 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:274783836 (262.0 MiB)  TX bytes:274783836 (262.0 MiB)
________________________________
From: users-bounces at openswan.org on behalf of Ivan Lopez
Sent: Fri 03/06/2005 12:21
To: users at openswan.org
Subject: RE: [Openswan Users] no l2tp traffic with NATed client
rp_filter?
ifconfig statistics for your interfaces?
Best Regards.
Ivan
-----Original Message-----
From: Neil Ballantyne [mailto:Neil at liquide.uk.com]
Sent: Friday, 03 June 2005 5:13
To: becker at informatik.uni-oldenburg.de; Norman Rasmussen
CC: Openswan Users Mlist
Subject: RE: [Openswan Users] no l2tp traffic with NATed client
Am using 26sec in 2.6 kernel so no ipsec0 interface...
> -----Original Message-----
> From: Steffen Becker [mailto:becker at informatik.uni-oldenburg.de]
> Sent: 01 June 2005 15:48
> To: 'Norman Rasmussen'; Neil Ballantyne
> Cc: 'Openswan Users Mlist'
> Subject: RE: [Openswan Users] no l2tp traffic with NATed client
>
> Hi,
>
> > > For ref, the rule I'm using to forward traffic in to the l2tp server is:
> > >
> > > iptables -t nat -A PREROUTING -i eth0 -p udp --sport 1701 --dport 1701
> > > -j DNAT --to-destination xxx.xxx.xxx.xxx
>
> There is an error: you have to use the ipsec interface. Change
> "-i eth0" to "-i ipsec0".
> From the cited HowTo:
>
> # make VPN server reachable
> /sbin/iptables -t nat -A PREROUTING -i ipsec0 \
> -p udp --sport 1701 --dport 1701 \
> -j DNAT --to-destination <address-of-VPN-server>
>
> Cheers,
> Steffen
>
> ------------------------------------------------------------------------
> Dipl. Wirtsch. Inform. Steffen Becker, DFG Junior Research
> Group "Palladio", Fk 2, Department of Computing Science,
> Software Engineering Group CvO Universität Oldenburg / OFFIS,
> Escherweg 2, D-26121 Oldenburg
> Email: becker at informatik.uni-oldenburg.de
> URL: http://se.informatik.uni-oldenburg.de
> Voice: +49 441 9722-582 (-501, secr.) Fax: +49 441 9722-502
> ------------------------------------------------------------------------
>
>
_______________________________________________
Users mailing list
Users at openswan.org http://lists.openswan.org/mailman/listinfo/users