From: Sam Sgro (sam_at_freeswan.org)
Date: Fri Jan 10 2003 - 19:26:14 CET
On Fri, 10 Jan 2003, Emiliano wrote:
> Take a look at my iptables rules.
>
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500
> ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500
> ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
I need more information. As you attempt to connect, diff the output of
"iptables -L -n -v" taken twice, as a before and after snapshot. It will show
you which iptables rules (if any) the packets are falling afoul of. Barring
that, post the output of the ipsec barf command to the web. Perhaps we can
find something else in your system config that is causing a problem
(rp_filter? I doubt it.)
- --
Sam Sgro
sam_at_freeswan.org
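
The before/after counter comparison suggested in the reply above, as an added example that is not part of the original message: `ipt_delta` reads two saved snapshots and lists only the rules and chain policies whose packet counters grew. It assumes the snapshots were taken with `-x` added to the quoted command so counters are exact; the function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# ipt_delta BEFORE AFTER: list every rule or chain policy whose packet counter
# grew between two saved snapshots of "iptables -L -n -v -x".
ipt_delta() {
    awk '
    function note(key, pkts) {
        if (pass == 1) seen[key] = pkts + 0
        else if ((key in seen) && pkts + 0 > seen[key])
            printf "%s +%d\n", key, pkts - seen[key]
    }
    FNR == 1 { pass++ }                      # 1 = BEFORE file, 2 = AFTER file
    $1 == "Chain" {
        chain = $2; n = 0
        # Built-in chains carry the policy counter: "(policy DROP 3 packets, ..."
        if ($3 == "(policy") note(chain " policy " $4, $5)
        next
    }
    $1 == "pkts" || NF == 0 { next }         # column header, blank separator
    {
        n++; rule = $0
        sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+/, "", rule)   # drop pkts and bytes
        gsub(/[ \t]+/, " ", rule); sub(/ $/, "", rule)
        note(chain " rule " n ": " rule, $1)
    }' "$1" "$2"
}

# Constructed sample snapshot (not from the thread). Arguments are packet counts:
# $1 INPUT policy, $2 INPUT udp/500 rule, $3 OUTPUT udp/500 rule.
ipt_sample() {
    cat <<EOF
Chain INPUT (policy DROP $1 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       2      168 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
      $2        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:500 dpt:500

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      $3        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:500 dpt:500
EOF
}

ipt_demo() {
    d=$(mktemp -d) || return 1
    ipt_sample 3 0 0 > "$d/before"     # taken before the connection attempt
    ipt_sample 7 0 4 > "$d/after"      # taken after it
    ipt_delta "$d/before" "$d/after"
    rm -rf "$d"
}
ipt_demo
```

On a live host the two files would come from running `iptables -L -n -v -x` as root before and after the connection attempt; a growing `policy DROP` line means packets matched no ACCEPT rule in that chain.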