[Openswan Users] http and smtp not working
txjin
txjin at intelliepi.com
Thu Sep 20 22:04:52 EDT 2007
I have set up a openswan server and can ping computers on the network
from my roadwarrior computer, but I can't use http or smtp on those
computers. I'm not exactly sure what is going on.
Computers on the network can connect to web servers on the roadwarrior
computer.
tcpdump from interface eth0 the packets never appear on eth1
tcpdump -i eth0 host 192.168.1.232
20:58:01.486528 IP 192.168.1.232.33099 > 192.168.7.164.http: S
1183908294:1183908294(0) win 5840 <mss 1460,sackOK,timestamp 438761098
0,nop,wscale 2>
20:58:01.534147 IP 192.168.7.177 > 192.168.1.232: icmp 68: host
192.168.7.164 unreachable - admin prohibited
iptables -L on openswan firewall
Chain INPUT (policy ACCEPT)
target prot opt source destination
EXTRA1 all -- anywhere anywhere
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
Chain EXTRA1 (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT udp -- anywhere anywhere udp dpt:4500
ACCEPT tcp -- anywhere anywhere tcp dpt:4500
ACCEPT tcp -- anywhere anywhere tcp dpt:isakmp
ACCEPT ipv6-crypt-- anywhere 64.221.219.99.ptr.us.xo.net
More information about the Users
mailing list