[Openswan Users] maybe iptables is the problem??

tvsjr at sprynet.com tvsjr at sprynet.com
Wed Oct 19 14:45:35 CEST 2005


I believe you're mangling the tunnel with your masquerade. Add an exemption for the remote network...
iptables -A POSTROUTING -t nat -o ppp0 -d ! <remote network> -j MASQUERADE

I use a tool called Firewall Builder (www.fwbuilder.org) to build my firewall rules. It puts a Checkpoint-ish interface on the front end of iptables, ipfw, etc. and builds scripts for you. Absolutely wonderful... I don't grok iptables rules without having to think about them... but the 150+ rules in my primary firewall are easy to understand and manage in the Firewall Builder interface.

Terry

-----Original Message-----
From: Lelio Parisi <piccololean at yahoo.it>
Sent: Oct 19, 2005 11:59 AM
To: users at openswan.org
Subject: [Openswan Users] maybe iptables is the problem??

Regarding my problem... can it be a wrong iptables
setting?? My openswan box has a ppp0 interface and an
eth0 interface with the 192.168.0.1 IP address. The PCs
behind it have 192.168.0.x addresses, and to let them go
out over the internet I put on the Linux openswan box:

ifconfig eth0 192.168.0.1
iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

maybe there's something wrong so the packets can't
reach the other side (the pix)?
thanks
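
The NAT exemption suggested in the reply above, turned into a check over `iptables-save -t nat` output (an added example, not part of the original thread). The function name check_nat_exempt, the remote subnet 192.168.1.0/24 and the sample rules are assumptions; the subnet must be written the way iptables-save prints it.

```shell
#!/bin/sh
# Added example: flag POSTROUTING MASQUERADE rules that would also rewrite
# traffic headed for the IPsec remote subnet, which breaks the tunnel policy.
# usage: iptables-save -t nat | check_nat_exempt <wan_if> <remote_net>
# Prints each unexempted rule; returns 0 if there are none, 1 otherwise.
# Simplification: -s and other matches on the exemption rule are ignored.
check_nat_exempt() {
    awk -v wan="$1" -v net="$2" '
    $1 == "-A" && $2 == "POSTROUTING" {
        out = ""; dst = ""; neg = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-o") out = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-d") {
                # "-d ! net" is the older form used in the reply;
                # "! -d net" is the form newer iptables-save prints.
                if ($(i + 1) == "!") { dst = $(i + 2); neg = 1 }
                else { dst = $(i + 1); neg = ($(i - 1) == "!") }
            }
        }
        # An earlier ACCEPT/RETURN for the remote net stops NAT processing
        # for tunnel traffic before a later MASQUERADE rule is reached.
        if (dst == net && !neg && (target == "ACCEPT" || target == "RETURN") &&
            (out == "" || out == wan)) exempt = 1
        if (target == "MASQUERADE" && (out == "" || out == wan)) {
            if (exempt) next
            if (dst == net && neg) next   # rule itself excludes the subnet
            print "unexempted: " $0
            bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Constructed samples: the rule from the question, then the reply's exemption.
RULES_BEFORE='-A POSTROUTING -o ppp0 -j MASQUERADE'
RULES_AFTER='-A POSTROUTING ! -d 192.168.1.0/24 -o ppp0 -j MASQUERADE'

printf '%s\n' "$RULES_BEFORE" | check_nat_exempt ppp0 192.168.1.0/24 ||
    echo "before: tunnel traffic would be masqueraded"
printf '%s\n' "$RULES_AFTER" | check_nat_exempt ppp0 192.168.1.0/24 &&
    echo "after: remote subnet is exempt from NAT"
```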


	

	
		