[Openswan Users] maybe iptables is the problem??
Delta Yeh
delta.yeh at gmail.com
Thu Oct 20 10:57:56 CEST 2005
Did you add rule in FORWARD chain to ACCEPT
192.168.0.0/24 <http://192.168.0.0/24> -> net_behind_pix
?
On 10/20/05, Lelio Parisi <piccololean at yahoo.it> wrote:
>
> thanks... I've tried but the problem persist
>
>
>
> --- "tvsjr at sprynet.com" <tvsjr at sprynet.com> ha
> scritto:
>
> > I believe you're mangling the tunnel with your
> > masquerade. Add an exemption for the remote
> > network...
> > iptables -A POSTROUTING -t nat -o ppp0 -d ! <remote
> > network> -j MASQUERADE
> >
> > I use a tool called Firewall Builder
> > (www.fwbuilder.org <http://www.fwbuilder.org>) to build my firewall
> rules. It
> > puts a Checkpoint-ish interface on the front end of
> > iptables, ipfw, etc. and builts scripts for you.
> > Absolutely wonderful... I don't grok iptables rules
> > without having to think about them... but the 150+
> > rules in my primary firewall are easy to understand
> > and manage in the Firewall Builder interface.
> >
> > Terry
> >
> > -----Original Message-----
> > From: Lelio Parisi <piccololean at yahoo.it>
> > Sent: Oct 19, 2005 11:59 AM
> > To: users at openswan.org
> > Subject: [Openswan Users] maybe iptables is the
> > problem??
> >
> > Regard my problem... can it be a wrong iptables
> > setting?? My openswan box has a ppp0 interface and a
> > eth0 interface with 192.168.0.1 <http://192.168.0.1> IP address. The pcs
> > behind it has 192.168.0.x address and to let them go
> > out over internet I put on linux openswan:
> >
> > ifconfig eth0 192.168.0.1 <http://192.168.0.1>
> > iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > maybe there's something wrong so the packets can't
> > reach the other side (the pix)?
> > thanks
> >
> >
> >
> >
> >
> >
> > ___________________________________
> > Yahoo! Mail: gratis 1GB per i messaggi e allegati da
> > 10MB
> > http://mail.yahoo.it
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> >
> >
> >
> >
>
>
>
>
> ___________________________________
> Yahoo! Messenger: chiamate gratuite in tutto il mondo
> http://it.messenger.yahoo.com
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20051020/ccb360c2/attachment-0001.htm
More information about the Users
mailing list