[Openswan Users] openswan routing pb
nicolas salvagno
nicolas.salvagno at mairie-lepontet.fr
Mon Jul 17 09:45:17 CEST 2006
Hi,
I manage a Linux box and a Linksys BEFSX41 in a LAN-to-LAN setup with Openswan.
It works perfectly from any machine on both networks (ping,
Samba...). But the Linux gateway can't ping any machine on the foreign
network (no echo-reply...).
I think this problem comes from my iptables rules, but I don't see where
it freezes...
Here are my iptables rules:
# Mark VPN packets
$IPTABLES -t mangle -A PREROUTING -i $EXT_IF -p esp -j MARK --set-mark 1
#VPN
$IPTABLES -t nat -A PREROUTING -s $REMOTE_LAN -i $EXT_IF -m mark --mark 1 -j ACCEPT
# Spoof protection
$IPTABLES -t nat -A PREROUTING -d $LOCAL_LAN -i $EXT_IF -j DROP
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i $EXT_IF -p udp -m udp --dport 500 -j ACCEPT #VPN
$IPTABLES -A INPUT -i $EXT_IF -m mark --mark 1 -j ACCEPT
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $EXT_IF -m mark --mark 1 -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -j ACCEPT
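An added example (not from the post, and not Openswan or iptables code) that models how netfilter steers three flows through the filter rules quoted above: a LAN host's ping, the gateway's own ping, and a decrypted reply addressed to the gateway. The interface names, addresses, the DROP chain policies and the assumption that the mark survives ESP decryption are all constructed placeholders, not values from the post.

```python
# Constructed placeholders for the variables in the posted script (not the poster's real values).
EXT_IF, INT_IF = "eth0", "eth1"
GATEWAY_IPS = {"203.0.113.1", "192.168.1.1"}  # external and LAN addresses of the Linux box

# The posted filter-table rules, in order: (chain, match criteria, target).
# A packet matches a rule when every listed criterion equals the packet's field.
RULES = [
    ("INPUT",   {"state": "ESTABLISHED"},                     "ACCEPT"),
    ("INPUT",   {"in": EXT_IF, "proto": "udp", "dport": 500}, "ACCEPT"),
    ("INPUT",   {"in": EXT_IF, "mark": 1},                    "ACCEPT"),
    ("FORWARD", {"state": "ESTABLISHED"},                     "ACCEPT"),
    ("FORWARD", {"in": EXT_IF, "mark": 1},                    "ACCEPT"),
    ("FORWARD", {"in": INT_IF},                               "ACCEPT"),
]
# Chain policies are not in the post; assume a restrictive default for all three chains.
POLICY = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "DROP"}


def chain_for(pkt):
    """Netfilter sends locally generated packets through OUTPUT, packets addressed to
    the box through INPUT, and everything else through FORWARD. The posted rules only
    touch INPUT and FORWARD."""
    if pkt.get("in") is None:  # no ingress interface: generated by the gateway itself
        return "OUTPUT"
    if pkt["dst"] in GATEWAY_IPS:
        return "INPUT"
    return "FORWARD"


def verdict(pkt):
    """Return (chain, target) for a packet dict with keys in, dst, mark, state, proto, dport."""
    chain = chain_for(pkt)
    for c, criteria, target in RULES:
        if c == chain and all(pkt.get(k) == v for k, v in criteria.items()):
            return chain, target
    return chain, POLICY[chain]  # no rule matched: the chain policy decides


# Constructed sample flows. Decrypted ESP traffic is modelled as arriving on EXT_IF with
# mark 1 still set, which is what the mangle/nat rules in the post rely on.
LAN_HOST_PING = {"in": INT_IF, "dst": "192.168.2.10", "mark": 0, "state": "NEW"}
GATEWAY_PING = {"in": None, "dst": "192.168.2.10", "mark": 0, "state": "NEW"}
DECRYPTED_REPLY = {"in": EXT_IF, "dst": "203.0.113.1", "mark": 1, "state": "NEW"}

if __name__ == "__main__":
    for name, pkt in [("LAN host ping", LAN_HOST_PING), ("gateway ping", GATEWAY_PING),
                      ("decrypted reply to gateway", DECRYPTED_REPLY)]:
        print(f"{name:28s} -> {verdict(pkt)}")
```

Under these assumptions the gateway's own ping is the only flow that reaches a chain the posted rules never mention (OUTPUT), so `iptables -L OUTPUT` on the gateway is the first thing to check.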