[Openswan Users] iptables rules, tunnel up network unreachable
Mittelsdorf, Björn
bjoern.mittelsdorf at scheer-management.com
Wed Jul 22 05:21:44 EDT 2015
Hi all,
If I am not mistaken, the SNAT rule is wrong.
You must not SNAT the left network's traffic to the public IP, because only packets originating from the private network enter the tunnel.
In my case I use a route (ip route ...) on the private network machines to reach the left tunnel endpoint. As soon as they reach the tunnel endpoint, they are detected by IPsec and automatically pushed through the tunnel.
Short version: delete the last iptables rule :-)
Best regards
Bjoern
>
> iptables -A INPUT -p udp --dport 500 -j ACCEPT
> iptables -A INPUT -p tcp --dport 4500 -j ACCEPT
> iptables -A INPUT -p udp --dport 4500 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -s 192.168.4.0/24 -d 192.168.13.0/24 -j SNAT --to (debian fw public IP)
>
> I forgot to mention that traceroute shows that traffic is going to the
> Internet, not through the tunnel.
>
> Regards,
>
> --
> Mitsue
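The point of the reply above, as an added example that is not part of the thread and not Openswan's own code: once the gateway rewrites the source of 192.168.4.0/24 -> 192.168.13.0/24 packets to its public address, they no longer match the IPsec policy selector and leave in the clear, which is what the traceroute showed. The script below emits a ruleset in which the subnet-pair exemption in nat/POSTROUTING comes before the general SNAT, and audits an iptables-save dump for the original mistake. The interface name (eth0), the public IP (203.0.113.10), the FORWARD rules and the two sample dumps are assumptions made for the example.

```shell
#!/bin/sh
# Added example for this thread, not code from the original poster or from
# Openswan. Assumed (hypothetical) values: left subnet 192.168.4.0/24 sits
# behind this Debian gateway, right subnet 192.168.13.0/24 is the far end,
# eth0 is the public interface and 203.0.113.10 (documentation range) its
# address.
LEFT_NET=192.168.4.0/24
RIGHT_NET=192.168.13.0/24
PUB_IF=eth0
PUB_IP=203.0.113.10

# Emit a gateway ruleset in which subnet-to-subnet traffic is never NATed.
# IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50) must reach the
# gateway itself.  In nat/POSTROUTING the exemption for LEFT_NET -> RIGHT_NET
# is listed before the general SNAT, so tunnel packets keep their private
# source and still match the IPsec policy selector.  The FORWARD rules only
# matter if that chain's policy is DROP (assumption).
ipsec_gateway_rules() {
    cat <<EOF
iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -p esp -j ACCEPT
iptables -A FORWARD -s $LEFT_NET -d $RIGHT_NET -j ACCEPT
iptables -A FORWARD -s $RIGHT_NET -d $LEFT_NET -j ACCEPT
iptables -t nat -A POSTROUTING -s $LEFT_NET -d $RIGHT_NET -j ACCEPT
iptables -t nat -A POSTROUTING -s $LEFT_NET -o $PUB_IF -j SNAT --to-source $PUB_IP
EOF
}

# Audit an iptables-save dump (read from stdin): walk nat/POSTROUTING in rule
# order and report the first SNAT/MASQUERADE that would rewrite
# LEFT_NET -> RIGHT_NET packets before any exemption reaches them.
# A rule "applies" when its -s/-d are absent or equal to our two subnets, so a
# subnet-pair ACCEPT and an address-less "-m policy --pol ipsec ... -j ACCEPT"
# both count as exemptions.  Negated matches ("! -d") and interface matches
# are ignored, which errs on the side of reporting.
# Exit status: 0 when tunnel traffic stays untouched, 1 when it would be NATed.
audit_nat_dump() {
    while IFS= read -r line; do
        case "$line" in
            -A\ POSTROUTING\ *) ;;
            *) continue ;;
        esac
        src=""; dst=""; target=""
        set -- $line
        while [ $# -gt 0 ]; do
            case "$1" in
                -s) src=$2; shift ;;
                -d) dst=$2; shift ;;
                -j) target=$2; shift ;;
            esac
            shift
        done
        [ -z "$src" ] || [ "$src" = "$LEFT_NET" ] || continue
        [ -z "$dst" ] || [ "$dst" = "$RIGHT_NET" ] || continue
        case "$target" in
            ACCEPT) return 0 ;;
            SNAT|MASQUERADE)
                echo "tunnel traffic would be NATed by: $line" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Constructed sample dumps (not captured from the thread).  BROKEN_NAT
# reproduces the original poster's rule; FIXED_NAT lists the exemption first.
BROKEN_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.4.0/24 -d 192.168.13.0/24 -j SNAT --to-source 203.0.113.10
COMMIT'
FIXED_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.4.0/24 -d 192.168.13.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.4.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT'

# Self-check when run directly.  On the real gateway, audit the live table
# with:  iptables-save -t nat | audit_nat_dump
if printf '%s\n' "$BROKEN_NAT" | audit_nat_dump 2>/dev/null; then
    echo "unexpected: broken ruleset passed the audit" >&2
    exit 1
fi
printf '%s\n' "$FIXED_NAT" | audit_nat_dump && echo "fixed ruleset: tunnel traffic is not NATed"
```

The explicit subnet-pair ACCEPT mirrors the thread; the more general form is `iptables -t nat -I POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT`, which exempts everything that already has an outbound IPsec policy and survives adding further connections. Note that NAT-T is UDP 4500 only; the TCP 4500 rule in the quoted ruleset is harmless but does nothing for IPsec.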