[Openswan Users] maybe iptables is the problem??
Lelio Parisi
piccololean at yahoo.it
Thu Oct 20 10:37:27 CEST 2005
no... and I don't know how to do. I'm not good with
iptables...
--- Delta Yeh <delta.yeh at gmail.com> ha scritto:
> Did you add rule in FORWARD chain to ACCEPT
> 192.168.0.0/24 <http://192.168.0.0/24> ->
> net_behind_pix
> ?
>
> On 10/20/05, Lelio Parisi <piccololean at yahoo.it>
> wrote:
> >
> > thanks... I've tried but the problem persist
> >
> >
> >
> > --- "tvsjr at sprynet.com" <tvsjr at sprynet.com> ha
> > scritto:
> >
> > > I believe you're mangling the tunnel with your
> > > masquerade. Add an exemption for the remote
> > > network...
> > > iptables -A POSTROUTING -t nat -o ppp0 -d !
> <remote
> > > network> -j MASQUERADE
> > >
> > > I use a tool called Firewall Builder
> > > (www.fwbuilder.org <http://www.fwbuilder.org>)
> to build my firewall
> > rules. It
> > > puts a Checkpoint-ish interface on the front end
> of
> > > iptables, ipfw, etc. and builts scripts for you.
> > > Absolutely wonderful... I don't grok iptables
> rules
> > > without having to think about them... but the
> 150+
> > > rules in my primary firewall are easy to
> understand
> > > and manage in the Firewall Builder interface.
> > >
> > > Terry
> > >
> > > -----Original Message-----
> > > From: Lelio Parisi <piccololean at yahoo.it>
> > > Sent: Oct 19, 2005 11:59 AM
> > > To: users at openswan.org
> > > Subject: [Openswan Users] maybe iptables is the
> > > problem??
> > >
> > > Regard my problem... can it be a wrong iptables
> > > setting?? My openswan box has a ppp0 interface
> and a
> > > eth0 interface with 192.168.0.1
> <http://192.168.0.1> IP address. The pcs
> > > behind it has 192.168.0.x address and to let
> them go
> > > out over internet I put on linux openswan:
> > >
> > > ifconfig eth0 192.168.0.1 <http://192.168.0.1>
> > > iptables -A POSTROUTING -t nat -o ppp0 -j
> MASQUERADE
> > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > >
> > > maybe there's something wrong so the packets
> can't
> > > reach the other side (the pix)?
> > > thanks
> > >
> > >
> > >
> > >
> > >
> > >
> > > ___________________________________
> > > Yahoo! Mail: gratis 1GB per i messaggi e
> allegati da
> > > 10MB
> > > http://mail.yahoo.it
> > > _______________________________________________
> > > Users mailing list
> > > Users at openswan.org
> > > http://lists.openswan.org/mailman/listinfo/users
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> > ___________________________________
> > Yahoo! Messenger: chiamate gratuite in tutto il
> mondo
> > http://it.messenger.yahoo.com
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> >
>
___________________________________
Yahoo! Mail: gratis 1GB per i messaggi e allegati da
10MB
http://mail.yahoo.it
___________________________________
Yahoo! Messenger: chiamate gratuite in tutto il mondo
http://it.messenger.yahoo.com
More information about the Users
mailing list