[K12OSN] iptables guru's
burke at thealmquists.net
Sun Mar 4 01:04:34 UTC 2012
Are you denying all traffic by default?
Ping uses ICMP and not UDP or TCP, might that be an issue?
And why use masq instead of snat?
On Mar 3, 2012, at 12:20 PM, Barry R Cisna wrote:
> Hello All,
> Can anyone give me some pointers on an iptables setup?
> Doing a site-to-site IPsec vpn from Openswan/local site to racoon/
> remote site.
> The vpn connects, & I can ping from remote site to my local site.
> With iptables running on local machine I can NOT ping to remote site.
> If I shut off iptables on local machine I can ping and browse remote
> site fine.
> Only existing iptables rules are MASQ on eth1 out.
> This is a two nic machine.
> local subnet 192.168.0.0/24
> remote subnet 192.168.1.0/24
> local public ip 18.104.22.168
> remote public ip 22.214.171.124
> With iptables running when I ping 192.168.1.1 remote gateway I get a no
> response from local public nic ip address.
> It seems I need yet another forwarding rule
> I did make a static route from local gateway/internal, to remote network
> to make pinging work with firewall off.
> I know this type of thing is very tricky without being in front of the
> Thank You,
> K12OSN mailing list
> K12OSN at redhat.com
> For more info see <http://www.k12os.org>
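
The three questions in the reply can be checked against an `iptables-save` dump; the script below is an added example, not part of either message. The function name `audit_ruleset` is hypothetical, both rulesets are constructed, and the check matches on rule text only. It flags source NAT on eth1 because packets rewritten to the public address no longer match a tunnel defined between 192.168.0.0/24 and 192.168.1.0/24.

```shell
#!/bin/sh
# Added example: answer the three questions in the reply from an iptables-save dump.
# Subnet and interface come from the thread; both rulesets below are constructed.
REMOTE_NET="192.168.1.0/24"   # remote subnet behind the tunnel
WAN_IF="eth1"                 # interface the MASQUERADE rule is bound to

# Reads iptables-save text on stdin and prints one finding per line.
# Heuristic: it matches on rule text and does not evaluate the ruleset.
audit_ruleset() {
  awk -v remote="$REMOTE_NET" -v wan="$WAN_IF" '
    /^\*/ { table = substr($0, 2); next }
    # Q1: is anything dropped by default?
    table == "filter" && /^:(INPUT|FORWARD|OUTPUT) DROP/ {
      drop = 1; print "default-drop " substr($1, 2)
    }
    # Q2: ICMP is its own protocol, so tcp/udp accepts do not cover ping.
    table == "filter" && /-p icmp/ && /-j ACCEPT/ { icmp = 1 }
    table == "nat" && /^-A POSTROUTING/ {
      if (/-j (ACCEPT|RETURN)/ && (index($0, "-d " remote) || /--pol ipsec/)) {
        exempt = 1   # earlier rule lets tunnel-bound packets skip NAT
      } else if (/-j (MASQUERADE|SNAT)/ && index($0, "-o " wan) &&
                 !exempt && !index($0, "! -d " remote)) {
        print "nat-rewrites-tunnel-traffic: " $0   # Q3
      }
    }
    END { if (drop && !icmp) print "no-icmp-accept" }
  '
}

# Constructed: the state described in the thread, only MASQ on eth1.
MASQ_ONLY='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'
# Constructed: NAT exemption present, but default-drop FORWARD allows only tcp.
DROP_TCP_ONLY='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -d 192.168.1.0/24 -j ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.0/24 -p tcp -j ACCEPT
COMMIT'

printf '%s\n' "$MASQ_ONLY" | audit_ruleset
```

On a live gateway the same function can be fed with `iptables-save | audit_ruleset`, which needs root.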