[Openswan Users] http and smtp not working

Peter McGill petermcgill at goco.net
Fri Sep 21 08:45:18 EDT 2007


I can't be completely sure, because this output doesn't show all the rule details like interface.
But if the first two rules in the Firewall chain apply to your loopback and internal LAN interfaces,
while the others apply to your public WAN internet interface, then I have an answer.

You're blocking all TCP traffic except ssh.
Try copying your ACCEPT NEW ssh rule for both http and smtp.

Peter

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of txjin
> Sent: September 20, 2007 10:05 PM
> To: users at openswan.org
> Subject: [Openswan Users] http and smtp not working
> 
> I have set up a openswan server and can ping computers on the network 
> from my roadwarrior computer, but I can't use http or smtp on those 
> computers.  I'm not exactly sure what is going on.
> Computers on the network can connect to web servers on the roadwarrior computer.
> tcpdump from interface eth0; the packets never appear on eth1.
> tcpdump -i eth0 host 192.168.1.232
> 
> 20:58:01.486528 IP 192.168.1.232.33099 > 192.168.7.164.http: S 1183908294:1183908294(0) win 5840 <mss 1460,sackOK,timestamp 438761098 0,nop,wscale 2>
> 20:58:01.534147 IP 192.168.7.177 > 192.168.1.232: icmp 68: host 192.168.7.164 unreachable - admin prohibited
> 
> 
> iptables -L on openswan firewall
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> EXTRA1     all  --  anywhere             anywhere
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     ipv6-crypt--  anywhere             anywhere
> ACCEPT     ipv6-auth--  anywhere             anywhere
> ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> 
> Chain EXTRA1 (1 references)
> target     prot opt source               destination
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:isakmp
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:4500
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4500
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:isakmp
> ACCEPT     ipv6-crypt--  anywhere             64.221.219.99.ptr.us.xo.net
> 
> 
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-294632
> 7?n=283155
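To make Peter's diagnosis checkable, here is an added example (my own script, not from the thread or from Openswan) that walks the quoted RH-Firewall-1-INPUT listing rule by rule for a given packet and then clones the ssh `state NEW` ACCEPT for http and smtp ahead of the REJECT. It assumes, as Peter does, that the first two unqualified ACCEPT rules are `-i lo` and `-i eth1`; that is exactly the detail `iptables -L` hides and `iptables -L -v -n` shows.

```python
import re
# Service names that `iptables -L` prints instead of port numbers.
SERVICES = {"ssh": 22, "http": 80, "smtp": 25, "ipp": 631}
# Rules 1-2 show no match in `-L`; per Peter's reading they are ASSUMED to be -i lo / -i eth1. Check with -v.
ASSUMED_IFACES = {0: "lo", 1: "eth1"}

# RH-Firewall-1-INPUT exactly as listed in the question, wrapped lines rejoined.
CHAIN = """\
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""
ROW = re.compile(r"(\S+)\s+([a-z0-9-]+?)\s*--\s+\S+\s+\S+\s*(.*)")

def parse_chain(text):
    """Turn the `-L` rows into dicts holding only what the listing shows."""
    rules = []
    for idx, line in enumerate(text.splitlines()):
        target, proto, opts = ROW.match(line).groups()
        state = re.search(r"state (\S+)", opts)
        dpt = re.search(r"dpt:(\S+)", opts)
        rules.append({"target": target, "proto": proto, "iface": ASSUMED_IFACES.get(idx),
                      "states": set(state.group(1).split(",")) if state else None,
                      "dport": int(SERVICES.get(dpt.group(1), dpt.group(1))) if dpt else None})
    return rules

def first_match(rules, pkt):
    """Index and target of the first rule pkt hits; (None, RETURN) if it falls off the chain."""
    for i, r in enumerate(rules):
        if (r["iface"] in (None, pkt["iface"]) and r["proto"] in ("all", pkt["proto"])
                and (r["states"] is None or pkt["state"] in r["states"])
                and (r["dport"] is None or r["dport"] == pkt.get("dport"))):
            return i, r["target"]
    return None, "RETURN"

def open_ports(rules, ports):
    """Clone the ssh `state NEW` ACCEPT for each port just ahead of the REJECT; return new list and -I commands."""
    pos, new, cmds = next(i for i, r in enumerate(rules) if r["target"] == "REJECT"), list(rules), []
    for port in ports:
        new.insert(pos, {"target": "ACCEPT", "proto": "tcp", "iface": None, "states": {"NEW"}, "dport": port})
        cmds.append(f"iptables -I RH-Firewall-1-INPUT {pos + 1} -p tcp -m state --state NEW --dport {port} -j ACCEPT")
        pos += 1  # the REJECT has shifted down one slot
    return new, cmds
```

For a NEW tcp/80 packet arriving on the WAN side, `first_match(parse_chain(CHAIN), {"iface": "eth0", "proto": "tcp", "dport": 80, "state": "NEW"})` returns `(9, 'REJECT')`, the rule behind the `admin prohibited` ICMP in the tcpdump, while the same packet on eth1 is accepted by rule 2. After `open_ports(rules, [80, 25])` the WAN packet hits the new ACCEPT at index 9, and the returned commands are the `iptables -I` lines that apply the same change on the box.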


