[Openswan Users] Fwd: Lost packets after DNAT

George Adams georgebadams at yahoo.com.au
Tue Mar 1 09:49:58 CET 2005 

Oops forgot to CC the list. Me bad. :-)

 --- George Adams <georgebadams at yahoo.com.au> wrote: 
> Date: Tue, 1 Mar 2005 09:44:53 +1100 (EST)
> From: George Adams <georgebadams at yahoo.com.au>
> Subject: Re: [Openswan Users] Fwd: Lost packets
> after DNAT
> To: Paul Wouters <paul at xelerance.com>
> 
>  --- Paul Wouters <paul at xelerance.com> wrote: 
> > On Mon, 28 Feb 2005, George Adams wrote:
> > 
> > >> but I dont see anything at the internal
> interface
> > or
> > >> server end. Also I am getting martians logged
> on
> > the
> > >> ipsec interface. Eg:
> > >>
> > >> kernel: martian source 192.168.208.137 from
> > >> 10.0.62.6,
> > >> on dev ipsec0
> > 
> > disable rp_filter
> > 
> 
> ipsec0 is bound to eth1.
> 
> the sysctl.conf file has:
> 
> # Controls source route verification
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.eth1.rp_filter=0
> 
> and 
> 
> # cat /proc/sys/net/ipv4/conf/eth1/rp_filter
> 0
> 
> should I disable default.rp_filter? 
> 
> I recall having to disable eth1.rp_filter because
> IPSEC complains about it during startup.
> 
> > Run ipsec verify (ignore the OE checks that might
> > fail)
> > 
> 
> # ipsec verify
> Checking your system to see if IPsec got installed
> and
> started correctly
> Version check and ipsec on-path                     
>  
>      [OK]
> Checking for KLIPS support in kernel                
>  
>      [OK]
> Checking for RSA private key (/etc/ipsec.secrets)   
>  
>      [OK]
> Checking that pluto is running                      
>  
>      [OK]
> DNS checks. 
> Looking for forward key for gateway                 
>  
>      [NO KEY]
> Does the machine have at least one non-private
> address
>      [OK]
> Two or more interfaces found, checking IP forwarding
>  
>      [OK]
> Checking NAT and MASQUERADING                       
>  
>      
>  tun0x111e at xx.xx.xx.xx:0                            
>  
>    [OK]
> 
> 
> I should mention that this is running on Redhat 8
> with
> kernel version 2.4.20. We are currently testing
> Openswan on RHEL 3es but in the meantime I need to
> get
> this working.
> 
> Thanks.
> 
> > Paul
> >  


Find local movie times and trailers on Yahoo! Movies.
http://au.movies.yahoo.com

More information about the Users mailing list