[Openswan Users] Forward decrypted traffic with NETKEY
Ales Klok
orrie at seznam.cz
Mon Jun 11 11:16:15 EDT 2007
davor krabse wrote:
> I used the following commands:
>
> iptables -t mangle -A PREROUTING -p esp -j MARK --set-mark 1
> iptables -t nat -A PREROUTING -m mark --mark 1 -p udp --dport 1701 -j DNAT --to 192.168.147.11
>
> but with:
>
> iptables -L -vn -t nat
> iptables -L -vn -t mangle
>
> the nr of packets and bytes is 0, although the IPSEC between client and
> linux vpn server is established.
>
> Davor
>
That's odd. If the first rule is not hit at all, it means no ESP packets
enter iptables. Either they are discarded before iptables (unlikely) or
no ESP packets reach that interface. Check for ESP traffic with
"tcpdump -i <ext_iface> ip proto 50 -v" to see if there is any.
/ak
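The check suggested above, reading the rule counters, can be scripted so a zero count on the ESP MARK rule is flagged automatically before reaching for tcpdump. The following is an added example for this thread, not code posted by either participant: it parses saved output of `iptables -t mangle -L PREROUTING -vnx` (the `-x` keeps the counters exact instead of abbreviated with K/M) and reports whether the `esp` MARK rule has ever matched. The two listings and their counters are constructed to illustrate the zero-hit symptom and a healthy case; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original thread): parse saved
# `iptables -t mangle -L PREROUTING -vnx` output and report the packet
# counter of the ESP MARK rule, so a zero count is caught by a script.

# Constructed sample listing in the shape of `iptables -L ... -vnx` after
# the MARK rule from the thread was added. Counters are made up.
SAMPLE_ZERO='Chain PREROUTING (policy ACCEPT 4821 packets, 512388 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 MARK       esp  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK set 0x1'

# Same chain, constructed case where ESP packets have reached iptables.
SAMPLE_HIT='Chain PREROUTING (policy ACCEPT 4821 packets, 512388 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     137      19840 MARK       esp  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK set 0x1'

# esp_mark_pkts LISTING
# Print the pkts counter (column 1) of the first rule whose target (column 3)
# is MARK and whose protocol (column 4) is esp; print -1 if no such rule.
esp_mark_pkts() {
    printf '%s\n' "$1" | awk '
        $3 == "MARK" && $4 == "esp" { print $1; found = 1; exit }
        END { if (!found) print -1 }'
}

# check_esp_mark LISTING
# Return 0 if the ESP MARK rule has been hit, 1 if it is present but the
# counter is zero (the symptom in the thread), 2 if the rule is missing.
check_esp_mark() {
    n=$(esp_mark_pkts "$1")
    if [ "$n" -lt 0 ]; then
        echo "no ESP MARK rule found in mangle PREROUTING" >&2
        return 2
    elif [ "$n" -eq 0 ]; then
        echo "ESP MARK rule present but never hit: no ESP packets are reaching iptables" >&2
        return 1
    fi
    echo "ESP MARK rule hit $n times"
    return 0
}

# Live usage (needs root, not run here):
#   check_esp_mark "$(iptables -t mangle -L PREROUTING -vnx)"
# If it reports zero hits, confirm on the wire as the reply suggests:
#   tcpdump -i <ext_iface> -v ip proto 50
```

A zero counter on the first rule also explains the zero on the DNAT rule: the nat rule matches on the mark, so it can never fire if nothing ever sets it, which is why the mangle counter is the one to look at first.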