[Openswan Users] Old user having troubles with new techniques
Larry Brown
larry.brown at dimensionnetworks.com
Mon Jun 28 15:19:38 EDT 2010
> Sounds like your IPsec tunnel is working properly. Are you sure there
> is no firewall on your office gateway (10.45.212.71)?
>
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source      destination

Chain FORWARD (policy ACCEPT)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere     policy match dir in pol ipsec
ACCEPT     all  --  anywhere    anywhere     policy match dir out pol ipsec

Chain OUTPUT (policy ACCEPT)
target     prot opt source      destination
> /proc/sys/net/ipv4/ip_forward needs to be 1, which I'm sure it is if
> it's acting as a NAT.
cat /proc/sys/net/ipv4/ip_forward
1
> Is there an iptables rule which is allowing
> packets from 192.168.2.1 to get through to 172.16.0.4?
>
> Perhaps something like this?
> -A FORWARD -i eth0 -o eth1 -m policy --pol ipsec --dir in -j ACCEPT
> -A FORWARD -i eth1 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
>
The above iptables -L captures the results of your suggestion. Still no
go.
> If you truly don't have a firewall on your gateway, then I'm not exactly
> sure what's going on.
>
That makes two of us... Arrgh
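As an added example, not code from this thread or from Openswan, the following shell script installs the FORWARD rules suggested above and checks an iptables-save dump for them. It goes one step beyond what the thread discusses: on a gateway that also masquerades its LAN, the POSTROUTING chain needs an IPsec exemption ahead of the MASQUERADE rule, otherwise packets bound for the tunnel are source-NATed before ESP encapsulation and no longer match the tunnel's policy. Whether that is what is happening in this poster's setup is not established by the thread. The interface names (eth0 outside, eth1 inside) are assumptions taken from the quoted suggestion, and the iptables-save text in sample_dump is constructed, not captured from any real host.

```shell
#!/bin/sh
# Added example, not code from the thread or from Openswan. Interface names
# are assumptions taken from the quoted suggestion: eth0 outside, eth1 inside.
WAN=eth0
LAN=eth1

# Install the rules. The two FORWARD rules are the ones suggested in the thread.
# The POSTROUTING rule is the extra piece a masquerading gateway needs: it is
# inserted at position 1 so traffic that will be IPsec-encapsulated on the way
# out is accepted (left un-NATed) before any MASQUERADE rule sees it.
apply_ipsec_rules() {
    iptables -A FORWARD -i "$WAN" -o "$LAN" -m policy --pol ipsec --dir in -j ACCEPT
    iptables -A FORWARD -i "$LAN" -o "$WAN" -m policy --pol ipsec --dir out -j ACCEPT
    iptables -t nat -I POSTROUTING 1 -o "$WAN" -m policy --pol ipsec --dir out -j ACCEPT
}

# Forwarding must be on for a gateway. $1 overrides the sysctl path (for testing).
check_ip_forward() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Read an iptables-save dump from the file named in $1 and report missing or
# misordered rules. Options are matched individually because iptables-save
# prints them as "--dir in --pol ipsec", not in the order they were typed.
# Returns 0 only when everything is in place.
check_ipsec_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^-A FORWARD / && /-m policy/ && /--pol ipsec/ && /-j ACCEPT/ {
            if ($0 ~ /--dir in( |$)/)  fwd_in = 1
            if ($0 ~ /--dir out( |$)/) fwd_out = 1
        }
        table == "nat" && /^-A POSTROUTING / {
            if ($0 ~ /-m policy/ && $0 ~ /--pol ipsec/ && $0 ~ /-j ACCEPT/ && !exempt) exempt = NR
            if ($0 ~ /-j MASQUERADE/ && !masq) masq = NR
        }
        END {
            rc = 0
            if (!fwd_in)  { print "missing: FORWARD -m policy --pol ipsec --dir in -j ACCEPT"; rc = 1 }
            if (!fwd_out) { print "missing: FORWARD -m policy --pol ipsec --dir out -j ACCEPT"; rc = 1 }
            if (masq && !exempt) { print "missing: POSTROUTING ipsec exemption on a masquerading gateway"; rc = 1 }
            if (masq && exempt && exempt > masq) { print "misordered: MASQUERADE comes before the ipsec exemption"; rc = 1 }
            if (rc == 0) print "ok: ipsec policy rules present"
            exit rc
        }' "$1"
}

# Constructed iptables-save dump (not captured from any real host) showing the
# complete rule set, for trying the checker offline.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}
```

On a real gateway, run `iptables-save > /tmp/rules; check_ipsec_rules /tmp/rules` as root, and `check_ip_forward` with no argument to read the live sysctl. The checker looks only at rule presence and order; it does not tell you whether the kernel's IPsec policies (ip xfrm policy) actually cover the subnets you expect, which is the other half of a policy-match diagnosis.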