[Openswan Users] Certain packets not traversing the VPN

Mike A. Leonetti mleonetti at evolutionce.com
Tue Apr 13 14:12:36 EDT 2010


Paul Wouters wrote:
>
> So it's a firewall, somewhere.....
>
> Paul
You would think so.  But the firewall rules on both servers say "From
source IP 10.0.0.0/24 ALLOW" for both the PREROUTING (nat) and the INPUT
(filter) tables.  There are no mangling rules.  NFS works perfectly.
>
> On Sun, 11 Apr 2010, Mike A. Leonetti wrote:
>
>> Date: Sun, 11 Apr 2010 04:45:33 -0400
>> From: Mike A. Leonetti <mleonetti at evolutionce.com>
>> To: users at openswan.org
>> Subject: Re: [Openswan Users] Certain packets not traversing the VPN
>>
>> Mike A. Leonetti wrote:
>>
>>  On a Linux<->Linux VPN all machines can talk to each other through
>> ping,
>> SSH, RDP, and those protocols work.  But port 445 is shown as
>> "filtered" by nmap, which also complains and says "Note: Host seems down.
>> If it is really up, but blocking our ping probes, try -PN".  What might
>> specifically be blocking this port on machines on either side of the
>> VPN?
>>
>> In both iptables on the VPN, all traffic from the source network is
>> accepted.
>>
>> Essentially the SMB shares aren't working.
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>>
>> As a follow up to my own post (lame as it is), the strange thing is
>> the difference in the nmaps:
>>
>> From in the network:
>> Starting Nmap 4.76 ( http://nmap.org ) at 2010-04-11 04:42 EDT
>> Interesting ports on 10.1.1.123:
>> Not shown: 997 filtered ports
>> PORT     STATE SERVICE
>> 139/tcp  open  netbios-ssn
>> 445/tcp  open  microsoft-ds
>> 3389/tcp open  ms-term-serv
>> MAC Address: 00:0D:56:03:B5:52 (Dell Pcba Test)
>>
>> Nmap done: 1 IP address (1 host up) scanned in 4.78 seconds
>>
>> Starting Nmap 4.76 ( http://nmap.org ) at 2010-04-11 04:42 EDT
>> mass_dns: warning: Unable to determine any DNS servers. Reverse DNS
>> is disabled. Try using --system-dns or specify valid servers with
>> --dns-servers
>> Interesting ports on 10.1.1.123:
>> Not shown: 997 filtered ports
>> PORT     STATE SERVICE
>> 139/tcp  open  netbios-ssn
>> 445/tcp  open  microsoft-ds
>> 3389/tcp open  ms-term-serv
>> MAC Address: 00:0D:56:03:B5:52 (Dell Pcba Test)
>>
>> Nmap done: 1 IP address (1 host up) scanned in 4.78 seconds
>>
>> Over the VPN:
>>
>> Starting Nmap 5.00 ( http://nmap.org ) at 2010-04-11 04:41 EDT
>> Interesting ports on 10.1.1.123:
>> Not shown: 999 filtered ports
>> PORT     STATE SERVICE
>> 3389/tcp open  ms-term-serv
>>
>> Nmap done: 1 IP address (1 host up) scanned in 4.77 seconds
>>
>> When NMAP is run over the network it doesn't even SEE port 139 and 445.
>>
>>
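Added example, not part of the thread or of Openswan: a small Python script that parses the two nmap listings quoted above and reports the ports whose state changes between the in-network scan and the scan across the tunnel. The one detail worth getting right is that nmap only prints ports whose state differs from the majority state and hides the rest behind the "Not shown: N filtered ports" line, so a port that is absent from the over-the-VPN listing (139, 445 here) must be read as "filtered", not as "no data". The sample scan text is copied from the post; the host 10.1.1.123 and the function names are the only things this script assumes.

```python
"""Diff two nmap scans of the same host, e.g. one run from inside the LAN
and one run across an IPsec tunnel, and list the ports whose state changed.

Added example; not code from the Openswan list thread or project."""
import re
from typing import Dict, Tuple

# nmap "PORT STATE SERVICE" rows, e.g. "445/tcp  open  microsoft-ds"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# nmap's summary of the majority state it did not print, e.g.
# "Not shown: 997 filtered ports"
NOT_SHOWN_RE = re.compile(r"^Not shown: \d+ (\S+) ports")

# Sample input constructed from the two scans quoted in the post
# (leading ">> " quote markers removed, host assumed to be 10.1.1.123).
INSIDE_SCAN = """\
Starting Nmap 4.76 ( http://nmap.org ) at 2010-04-11 04:42 EDT
Interesting ports on 10.1.1.123:
Not shown: 997 filtered ports
PORT     STATE SERVICE
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv
MAC Address: 00:0D:56:03:B5:52 (Dell Pcba Test)

Nmap done: 1 IP address (1 host up) scanned in 4.78 seconds
"""

OVER_VPN_SCAN = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2010-04-11 04:41 EDT
Interesting ports on 10.1.1.123:
Not shown: 999 filtered ports
PORT     STATE SERVICE
3389/tcp open  ms-term-serv

Nmap done: 1 IP address (1 host up) scanned in 4.77 seconds
"""


def parse_nmap(text: str) -> Tuple[Dict[str, str], str]:
    """Return ({'445/tcp': 'open', ...}, default_state).

    default_state is the majority state nmap did not print (from the
    'Not shown' line); ports absent from the listing are in that state.
    """
    ports: Dict[str, str] = {}
    default = "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        m = NOT_SHOWN_RE.match(line)
        if m:
            default = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m:
            ports[f"{m.group(1)}/{m.group(2)}"] = m.group(3)
    return ports, default


def compare_scans(inside: str, over_vpn: str) -> Dict[str, Tuple[str, str]]:
    """Ports whose state differs between the two scans.

    A port missing from one listing takes that scan's default state, so
    'open' inside the LAN and absent over the VPN shows up as
    ('open', 'filtered') rather than being silently skipped.
    """
    a, a_default = parse_nmap(inside)
    b, b_default = parse_nmap(over_vpn)
    diff: Dict[str, Tuple[str, str]] = {}
    for port in sorted(set(a) | set(b), key=lambda p: int(p.split("/")[0])):
        state_in, state_vpn = a.get(port, a_default), b.get(port, b_default)
        if state_in != state_vpn:
            diff[port] = (state_in, state_vpn)
    return diff


if __name__ == "__main__":
    for port, (state_in, state_vpn) in compare_scans(INSIDE_SCAN, OVER_VPN_SCAN).items():
        print(f"{port}: inside LAN={state_in}  over VPN={state_vpn}")
```

Run as-is it reports 139/tcp and 445/tcp as open inside the LAN but filtered across the tunnel, while 3389/tcp is open in both. A port that flips from open to filtered while neighbouring ports on the same host stay reachable is not the tunnel dropping traffic as a whole; it is something matching on that destination port, so the next step is a tcpdump on the remote gateway's inside interface and on the target host to see where the SYN for port 445 stops arriving. Host firewalls on the target are a common place for such a per-port, per-source-subnet difference.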