Re: [Users] I have an established connection but can't ping (please help)

From: jools (technojunkie_at_ntlworld.com)
Date: Tue Aug 20 2002 - 02:22:14 CEST


Thanks for that, I was sure I'd turned them off but I seem to be in a
situation where despite having set rp filtering to 0 in /etc/sysctl, they
seem to be set to 1 after restarting the network.

I must admit though that I've just discovered fwbuilder on sourceforge and it
made setting up our firewall (Mandrake 8.2) a doddle for AH / ESP use.

Cheers,

Jools

On Monday 19 August 2002 5:25 am, you wrote:
> On Mon, 19 Aug 2002, jools wrote:
> > A Mandrake 8.2 box configured as a firewall / router. The firewall has
> > been set up with a program called firestarter which includes an option
> > to add settings for an IPSec connection to the firewall rules.
> >
> > Behind the firewall is a machine with IP 192.168.x.x. Freeswan 1.95 runs
> > on the firewall / router.
> >
> > When I run ipsec auto --up jools-office the /var/log/secure logfile
> > shows: sent QI2, IPsec SA Established
> >
> > suggesting the connection is made.
> >
> > ipsec eroute returns a x.x.x.x/xx => x.x.x.x/xx =>tun0xxxxxxxx.xx.xx.xxx
> >
> > reply but I can't ping to subnet addresses on the remote network.
>
> Read these error messages:
> > Aug 19 00:29:43 main ipsec_setup: WARNING: ipsec0 has route filtering
> > turned on, KLIPS may not work
> > Aug 19 00:29:43 main ipsec_setup:
> > (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = `1', should be 0)
> > Aug 19 00:29:43 main ipsec_setup: WARNING: ppp0 has route filtering
> > turned on, KLIPS may not work
> > Aug 19 00:29:43 main ipsec_setup:
> > (/proc/sys/net/ipv4/conf/ppp0/rp_filter = `1', should be 0)
>
> As they indicate, you need to turn rp_filter off on these interfaces. For
> more information, read:
>
> http://lists.freeswan.org/pipermail/briefs/2002q2/000057.html
>
> - ---
> Sam Sgro
> sam_at_freeswan.org

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
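
An added example, not part of the original messages or of FreeS/WAN: a shell check for the condition the `ipsec_setup` warnings describe, meant to be re-run after each network restart, since the thread reports the value coming back as 1. The function names and the `PROC_ROOT` variable are assumptions of this example.

```shell
# Added example: audit rp_filter on the interfaces named in the warnings.
# PROC_ROOT is an assumption of this example so the check can be pointed
# at a constructed tree; on a real host leave it at /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print "<iface> <value>" for every named interface whose rp_filter is
# not 0. An interface with no conf directory is printed as "absent":
# the directory exists only while the interface does (e.g. ppp0 is
# missing until the link is up), so it must be checked again afterwards.
rp_filter_offenders() {
    for iface in "$@"; do
        f="$PROC_ROOT/sys/net/ipv4/conf/$iface/rp_filter"
        if [ ! -r "$f" ]; then
            echo "$iface absent"
            continue
        fi
        val=$(cat "$f")
        [ "$val" = "0" ] || echo "$iface $val"
    done
}

# Succeeds only when every named interface exists and has rp_filter = 0.
rp_filter_ok() {
    [ -z "$(rp_filter_offenders "$@")" ]
}

# Write 0 to rp_filter for each named interface that currently exists
# (requires root on a real host).
rp_filter_disable() {
    for iface in "$@"; do
        f="$PROC_ROOT/sys/net/ipv4/conf/$iface/rp_filter"
        [ -w "$f" ] && echo 0 > "$f"
    done
    return 0
}
```

After sourcing the file, `rp_filter_offenders ipsec0 ppp0` lists whatever still needs changing, and `rp_filter_ok ipsec0 ppp0` can gate a tunnel start in a script.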


