When I used iptables it captured (recorded the packets going to ipsec)
I tried turning debugging on, but there is a lot of stuff in the logs.
The thing with the MASQ/NAT is that everything is MASQ/NAT back to the Internet
IF, which I can ping from successfully.
I might try tcpdump ipsec on and see what the return packets are!
Thanks
-----Original Message-----
From: Andreas Marbet [mailto:andreas.marbet_at_bluefire.ch]
Sent: Thursday, 9 May 2002 9:53 PM
To: asamad_at_ozemail.com.au; FreeSwan (E-mail)
Subject: RE: [Users] Second Try (Routing problem & setup of conn)
Hi,
Some thoughts on your trials:
> The machine that I have installed in on is a firewall
> machine, hiding a
> locallan. I am using iptables (NAT).
>
> When I try the test suggested in the doc, using conn
> me-to-anyone, by using
> auto=route. I can ping oetest.freeswan.org and for example
> www.yahoo.com.au, from the linux box.
>
> When I go to a machine on the locallan, I can still ping
> oetest.freeswan.org,
> but I can not ping www.yahoo.com.au.
do these pings go out via ipsec0 or eth0? (tcpdump -i ipsec0)
> I made the necessary changes to my firewall config, basically
> allowing all
> traffic in/out on ipsec0 and add MASQ for ipsec0 in the nat table.
I haven't read the example about oetest.freeswan.org, but usually you
must not masquerade traffic on ipsec. If you do, traffic could get
masqueraded before arriving at the ipsec interface and freeswan doesn't
know how to route.
What does the routing table look like? What does 'ipsec eroute' say? Have
you tried to turn on debugging?
Andreas
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
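
The advice above about not masquerading traffic on ipsec can be checked against a saved ruleset. This is an added example, not part of the original thread or of FreeS/WAN: a shell function that scans `iptables-save` output for source-NAT rules bound to ipsec interfaces. It goes slightly beyond the thread by also flagging SNAT; the sample ruleset, subnet and addresses are constructed.

```shell
#!/bin/sh
# Added example: flag nat-table rules that source-NAT traffic leaving via
# FreeS/WAN's virtual ipsecN interfaces. Input is iptables-save text on stdin.
# Real use (as root): iptables-save | find_ipsec_nat

# Constructed sample ruleset (subnet, address and rule order are made up).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o ipsec0 -j MASQUERADE
-A POSTROUTING -o ipsec+ -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ipsec0 -j ACCEPT
-A FORWARD -o ipsec0 -j ACCEPT
COMMIT
EOF
}

# Print each nat-table rule whose target is MASQUERADE or SNAT and whose
# output interface starts with "ipsec". Exit status is 1 if any was found.
find_ipsec_nat() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # table header: *nat, *filter
        table != "nat" || $1 != "-A" { next }   # only appended nat rules
        {
            out = ""; target = ""
            for (i = 2; i < NF; i++) {
                # skip negated matches written as "! -o ipsec0"
                if (($i == "-o" || $i == "--out-interface") && $(i - 1) != "!")
                    out = $(i + 1)
                if ($i == "-j" || $i == "--jump") target = $(i + 1)
            }
            if (out ~ /^ipsec/ && (target == "MASQUERADE" || target == "SNAT")) {
                print; found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

sample_rules | find_ipsec_nat || echo "source NAT on ipsec interfaces found (rules listed above)" >&2
```

The masquerade rule on eth0 and the filter-table ACCEPT rules on ipsec0 are left alone; only the two nat rules bound to ipsec interfaces are reported.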
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST