From: Vicente Vives (vvives_at_aimplas.es)
Date: Wed Nov 27 2002 - 17:22:00 CET
Hi. I have a problem in my freeswan gw.
Packets arrive at the gw but they don't know how to leave the gw:
example, in /var/log/message:
Nov 26 17:29:45 gateway kernel: VPN :IN=eth0 OUT=
MAC=00:00:00:00:00:00:00:c0:49:44:ec:13:08:00 SRC=warrior_ip
DST=gw_external_ip LEN=84 TOS=0x00 PREC=0x00 TTL=115 ID=14561 PROTO=UDP
SPT=500 DPT=500 LEN=64
where IN=public iface and OUT=should be private iface but it's empty.
Yesterday I asked this question on the #freeswan irc channel and some
people told me that the problem could be the firewall rules.
I think the firewall rules are correct:
$IPTABLES -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
$IPTABLES -A INPUT -p 50 -j ACCEPT
$IPTABLES -A OUTPUT -p 50 -j ACCEPT
$IPTABLES -A INPUT -p 51 -j ACCEPT
$IPTABLES -A OUTPUT -p 51 -j ACCEPT
$IPTABLES -A FORWARD -d $IF_LAN -i ipsec+ -j ACCEPT
and somebody suggested to me:
$IPTABLES -A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
and there is not any other rule which can drop freeswan packets to/from
the gateway.
This morning I asked this question on the channel and someone told me to
modify iptables to not drop anything (everything was accepted), but
it didn't work.
Do you have any suggestion?
Thanks for your help.
Vicent.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
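
An added example, not part of the original message: netfilter's LOG target fills in OUT= only once an output interface has been chosen, so a packet logged in INPUT or PREROUTING shows IN= set and OUT= empty. This Python sketch parses such lines and reports the hook side and whether the packet is IKE, ESP or AH; the function names and the joined sample line are constructed for illustration.

```python
import re

# Constructed sample: the log entry quoted in the message, joined onto one line.
SAMPLE = ("Nov 26 17:29:45 gateway kernel: VPN :IN=eth0 OUT= "
          "MAC=00:00:00:00:00:00:00:c0:49:44:ec:13:08:00 SRC=warrior_ip "
          "DST=gw_external_ip LEN=84 TOS=0x00 PREC=0x00 TTL=115 ID=14561 "
          "PROTO=UDP SPT=500 DPT=500 LEN=64")

# KEY=value tokens; the value may be empty, as in "OUT= ".
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# The LOG target prints names for ESP/AH; numbers are accepted too.
IPSEC_PROTOS = {"ESP": "ESP", "50": "ESP", "AH": "AH", "51": "AH"}


def parse_fields(line):
    """Return the KEY=value fields of one LOG line (first occurrence wins)."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # LEN occurs twice: IP length, then UDP
    return fields


def hook_side(fields):
    """Infer the logging hook from which interface fields are filled in."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "forward"   # FORWARD: packet is being routed through the box
    if has_in:
        return "input"     # INPUT or PREROUTING: no output interface chosen
    if has_out:
        return "output"    # OUTPUT or POSTROUTING
    return "unknown"


def ipsec_kind(fields):
    """Classify IKE (UDP 500 to 500), ESP or AH; None for other traffic."""
    if (fields.get("PROTO"), fields.get("SPT"), fields.get("DPT")) == ("UDP", "500", "500"):
        return "IKE"
    return IPSEC_PROTOS.get(fields.get("PROTO", ""))


def describe(line):
    fields = parse_fields(line)
    return hook_side(fields), ipsec_kind(fields), fields.get("DST")


if __name__ == "__main__":
    print(describe(SAMPLE))  # ('input', 'IKE', 'gw_external_ip')
```
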