[Openswan Users] Old user having troubles with new techniques

Larry Brown larry.brown at dimensionnetworks.com
Mon Jun 28 15:19:38 EDT 2010


> Sounds like your IPsec tunnel is working properly.  Are you sure there 
> is no firewall on your office gateway (10.45.212.71)?
> 

iptables -L

Chain INPUT (policy ACCEPT)
target	prot opt source		destination

Chain FORWARD (policy ACCEPT)
target	prot opt source		 destination
ACCEPT	all  --  anywhere	 anywhere	Policy match dir in pol ipsec
ACCEPT  all  --  anywhere	 anywhere       Policy match dir out pol ipsec

Chain OUTPUT (policy ACCEPT)
target	prot opt source		destination


> /proc/sys/net/ipv4/ip_forward needs to be 1, which I'm sure it is if 
> it's acting as a NAT.  

cat /proc/sys/net/ipv4/ip_forward
1

> Is there an iptables rule which is allowing 
> packets from 192.168.2.1 to get through to 172.16.0.4?
> 
> Perhaps something like this?
> -A FORWARD -i eth0 -o eth1 -m policy --pol ipsec --dir in -j ACCEPT
> -A FORWARD -i eth1 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
> 

The above iptables -L captures the results of your suggestion.  Still no
go.

> If you truly don't have a firewall on your gateway, then I'm not exactly 
> sure what's going on.
> 

That makes two of us... Arrgh
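An added diagnostic helper, not from this thread, that checks the two things the reply asks about: that `ip_forward` is 1 and that the FORWARD chain carries ACCEPT rules with an IPsec policy match for both directions. The file-path argument, the function names and the sample rule text are my own assumptions (the sample mirrors the rules suggested in the quoted reply).

```shell
# Return 0 if the ip_forward sysctl holds "1". The path argument (an
# assumption here) lets a saved copy be checked; default is the live file.
check_ip_forward() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] || return 2
    [ "$(tr -d '[:space:]' < "$f")" = "1" ]
}

# Read rules in `iptables -S` form on stdin and require a FORWARD ACCEPT
# rule with an IPsec policy match for each direction. Prints what is
# missing; returns 0 only when both directions are covered.
check_ipsec_forward_rules() {
    rules="$(cat)"
    rc=0
    for dir in in out; do
        if ! printf '%s\n' "$rules" | grep -- '^-A FORWARD ' \
                | grep -- '--pol ipsec' \
                | grep -- "--dir $dir" \
                | grep -q -- '-j ACCEPT'; then
            echo "missing: -A FORWARD -m policy --pol ipsec --dir $dir -j ACCEPT"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in `iptables -S FORWARD` form, mirroring the rules
# suggested in the thread (iptables-save prints --dir before --pol).
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth0 -o eth1 -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT'

# Stand-alone run: check the sample, then the live host when run as root.
printf '%s\n' "$SAMPLE_RULES" | check_ipsec_forward_rules && echo "sample: ok"
if check_ip_forward; then
    echo "ip_forward=1"
else
    echo "ip_forward is not 1 (or the sysctl file is unreadable)"
fi
if [ "$(id -u)" = "0" ] && command -v iptables >/dev/null 2>&1; then
    iptables -S FORWARD 2>/dev/null | check_ipsec_forward_rules && echo "live FORWARD: ok"
fi
```

Note that `iptables -L` without `-t nat` lists only the filter table, so when the gateway is also doing NAT, look at `iptables -t nat -S` as well.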
