[K12OSN] iptables gurus
Burke Almquist
burke at thealmquists.net
Sun Mar 4 01:04:34 UTC 2012
Are you denying all traffic by default?
Ping uses ICMP, not UDP or TCP; might that be an issue?
And why use masq instead of snat?
http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/
On Mar 3, 2012, at 12:20 PM, Barry R Cisna wrote:
> Hello All,
>
> Can anyone give me some pointers on an iptables setup?
>
> Doing a site-to-site IPsec VPN from Openswan/local site to racoon/
> remote site.
> The VPN connects, and I can ping from the remote site to my local site.
> With iptables running on the local machine I can NOT ping to the remote site.
> If I shut off iptables on local machine I can ping and browse remote
> site fine.
> The only existing iptables rules are MASQ on eth1 out.
> This is a two-NIC machine.
>
> local subnet 192.168.0.0/24
> remote subnet 192.168.1.0/24
> local public ip 1.2.3.4
> remote public ip 4.5.6.7
>
> With iptables running, when I ping 192.168.1.1 (the remote gateway) I get a "no
> response" from the local public NIC IP address.
> It seems I need yet another forwarding rule.
> I did make a static route from the local gateway/internal to the remote network
> to make pinging work with the firewall off.
> I know this type of thing is very tricky without being in front of the
> machine.
>
> Thank You,
> Barry
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
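Added example, not part of the thread and not Barry's or Burke's configuration: a complete iptables script for a two-NIC Openswan gateway that also masquerades its LAN, covering the points raised above (default-deny policies, explicit ICMP, and how MASQUERADE interacts with an IPsec tunnel). It uses the addresses from the post; everything else is an assumption for illustration: eth0 is the LAN interface, eth1 the public one, IKE runs on UDP/500 (and UDP/4500 for NAT-T), and ESP is IP protocol 50. The `ipt` wrapper and `vpn_firewall_rules` function are names chosen here. By default the script only prints the rules so they can be reviewed; `APPLY=1` as root loads them.

```shell
#!/bin/sh
# Added example (not from the thread): iptables for a two-NIC Openswan gateway that
# also masquerades its LAN. Assumptions not stated in the thread: eth0 is the LAN
# side, eth1 the public side (the MASQ interface in the post), IKE on UDP/500 and
# UDP/4500 (NAT-T), ESP is IP protocol 50. Addresses are the ones from the post.
# By default the script only prints the rules; run with APPLY=1 as root to load them.

LAN_IF=eth0
WAN_IF=eth1
LOCAL_NET=192.168.0.0/24
REMOTE_NET=192.168.1.0/24
PEER=4.5.6.7

# Print or execute one iptables command, depending on APPLY.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

vpn_firewall_rules() {
    # Start clean, then deny everything not explicitly allowed (INPUT/FORWARD).
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback and return traffic for connections this box or its LAN opened.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # IKE and ESP from the remote peer; without these the tunnel never comes up,
    # or comes up and then has its encrypted packets dropped on arrival.
    ipt -A INPUT -i "$WAN_IF" -s "$PEER" -p udp --dport 500 -j ACCEPT
    ipt -A INPUT -i "$WAN_IF" -s "$PEER" -p udp --dport 4500 -j ACCEPT
    ipt -A INPUT -i "$WAN_IF" -s "$PEER" -p esp -j ACCEPT

    # ICMP is neither TCP nor UDP: allow it explicitly or ping fails under default deny.
    ipt -A INPUT -p icmp -j ACCEPT
    ipt -A FORWARD -p icmp -j ACCEPT

    # Decrypted tunnel traffic re-enters FORWARD with the private addresses, so
    # both LAN-to-LAN directions need a rule, plus plain LAN-to-Internet.
    ipt -A FORWARD -s "$LOCAL_NET" -d "$REMOTE_NET" -j ACCEPT
    ipt -A FORWARD -s "$REMOTE_NET" -d "$LOCAL_NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LOCAL_NET" -j ACCEPT

    # NAT: POSTROUTING runs before IPsec encapsulation, so traffic for the remote
    # LAN must be excluded from MASQUERADE first. Otherwise its source becomes the
    # public IP, it no longer matches the 192.168.0.0/24 -> 192.168.1.0/24 policy,
    # and it leaves eth1 in the clear instead of through the tunnel.
    ipt -t nat -A POSTROUTING -s "$LOCAL_NET" -d "$REMOTE_NET" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LOCAL_NET" -j MASQUERADE
}

vpn_firewall_rules
```

The order of the two POSTROUTING rules is the part that matters most: the exemption has to come before MASQUERADE, because the first matching target in the nat table wins. On kernels with the policy match module, `-m policy --dir out --pol ipsec -j ACCEPT` can replace the address-based exemption and covers any tunnel without listing each remote subnet.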