[Openswan Users] Certain packets not traversing the VPN

Mike A. Leonetti mleonetti at evolutionce.com
Sun Apr 11 04:45:33 EDT 2010


Mike A. Leonetti wrote:
> On a Linux<->Linux VPN all machines can talk to each other through ping,
> SSH, RDP, and those protocols work.  But port 445 is shown as
> "filtered" by nmap, which also complains and says "Note: Host seems down.
> If it is really up, but blocking our ping probes, try -PN".  What might
> specifically be blocking this port on machines on either side of the VPN?
>
> On both iptables on the VPN all traffic from the source network is Accepted.
>
> Essentially the SMB shares aren't working.
As a follow up to my own post (lame as it is), the strange thing is the
difference in the nmaps:

*From in the network:*
Starting Nmap 4.76 ( http://nmap.org ) at 2010-04-11 04:42 EDT
Interesting ports on 10.1.1.123:
Not shown: 997 filtered ports
PORT     STATE SERVICE
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv
MAC Address: 00:0D:56:03:B5:52 (Dell Pcba Test)

Nmap done: 1 IP address (1 host up) scanned in 4.78 seconds

Starting Nmap 4.76 ( http://nmap.org ) at 2010-04-11 04:42 EDT
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is
disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 10.1.1.123:
Not shown: 997 filtered ports
PORT     STATE SERVICE
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv
MAC Address: 00:0D:56:03:B5:52 (Dell Pcba Test)

Nmap done: 1 IP address (1 host up) scanned in 4.78 seconds

*Over the VPN:*
Starting Nmap 5.00 ( http://nmap.org ) at 2010-04-11 04:41 EDT
Interesting ports on 10.1.1.123:
Not shown: 999 filtered ports
PORT     STATE SERVICE
3389/tcp open  ms-term-serv

Nmap done: 1 IP address (1 host up) scanned in 4.77 second

When NMAP is run over the network it doesn't even SEE port 139 and 445.