[Openswan Users] Going beyond the dmz net
Jacco de Leeuw
jacco2 at dds.nl
Tue Mar 29 12:39:28 CEST 2005
Ivan Lopez wrote:
> In the bastion host, I can see echo-request and echo-reply packets in
> the eth1 interface (which connects it to the dmz). All seems to be OK
> until here.
> In ppp0 I can see only echo-requests. No echo replies.
> Iptables debug in the bastion host shows an echo-reply which has IN=eth1
> and OUT=ppp0 but this packet never reaches ppp0, tcpdump in ppp0 shows
> only echo requests.
I suggested to Ivan that rp_filter might be set so that the packets are
rejected because they arrive on the wrong interface. He wrote back that
indeed rp_filter was set on the external interface. When it was cleared
everything worked like a charm.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
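
An added example, not part of the original message: a shell helper that reports the effective rp_filter mode of every interface, so a strict-mode interface (such as ppp0 in the thread above) can be identified before any setting is changed. It assumes the semantics documented for current Linux kernels (the effective value is the larger of conf/all/rp_filter and conf/<iface>/rp_filter; 0 = off, 1 = strict, 2 = loose); the function names and the CONF_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Report the effective reverse-path filter mode per interface.
# CONF_ROOT (hypothetical name) can point at a copy of the sysctl tree for testing.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter IFACE -> prints 0, 1 or 2; returns 1 if the files are unreadable
effective_rp_filter() {
    iface_file="$CONF_ROOT/$1/rp_filter"
    all_file="$CONF_ROOT/all/rp_filter"
    [ -r "$iface_file" ] && [ -r "$all_file" ] || return 1
    iface_val=$(cat "$iface_file")
    all_val=$(cat "$all_file")
    # Assumption (current kernels): the larger of the two values applies.
    if [ "$all_val" -gt "$iface_val" ]; then echo "$all_val"; else echo "$iface_val"; fi
}

# rp_filter_report -> one line per interface: "<iface> <effective value> <mode>"
rp_filter_report() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        echo "$iface $eff $(rp_mode_name "$eff")"
    done
}

# strict_interfaces -> interfaces that drop packets whose source address
# is not reachable back through the interface they arrived on
strict_interfaces() {
    rp_filter_report | awk '$2 == 1 { print $1 }'
}

# Run as "script.sh report" to print the table for the local host.
if [ "${1:-}" = "report" ]; then rp_filter_report; fi
```

On hosts with asymmetric routing, loose mode (2) keeps source validation while accepting packets that arrive on a different interface than the route back to their source.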