[K12OSN] iptables gurus

Burke Almquist burke at thealmquists.net
Sun Mar 4 01:04:34 UTC 2012

Are you denying all traffic by default?
Ping uses ICMP, not UDP or TCP; might that be an issue?
And why use MASQ instead of SNAT?


On Mar 3, 2012, at 12:20 PM, Barry R Cisna wrote:

> Hello All,
> Can anyone give me some pointers on an iptables setup?
> Doing a site-to-site IPsec VPN from Openswan/local site to racoon/
> remote site.
> The VPN connects, and I can ping from the remote site to my local site.
> With iptables running on the local machine I can NOT ping to the remote site.
> If I shut off iptables on the local machine I can ping and browse the remote
> site fine.
> Only existing iptables rules are MASQ on eth1 out.
> This is a two nic machine.
> local subnet
> remote subnet
> local public ip
> remote public ip
> With iptables running, when I ping the remote gateway I get a no
> response from the local public NIC IP address.
> It seems I need yet another forwarding rule.
> I did make a static route from the local gateway/internal to the remote network
> to make pinging work with the firewall off.
> I know this type of thing is very tricky without being in front of the
> machine.
> Thank You,
> Barry
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

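The rule set below is an added example, not code from either poster; it shows the NAT exemption that a two-NIC Openswan gateway needs when it masquerades LAN traffic out eth1 but also carries an IPsec tunnel to a remote subnet. The interface names, subnets and the remote peer address are assumed placeholders (the original post elided the real values); eth1 as the public NIC and the MASQ-on-eth1 rule come from the post.

```shell
#!/bin/sh
# Added example (not from the K12OSN thread): iptables rules for an Openswan
# gateway with an internal NIC and a public NIC (eth1, per the post) that
# masquerades LAN traffic to the Internet but must NOT masquerade traffic
# bound for the IPsec remote subnet.
# All addresses and the internal interface name are ASSUMED placeholders.
# Run as-is to print the commands; pipe through "sh" as root to apply them.

LAN_IF="${LAN_IF:-eth0}"                     # assumed: internal NIC
WAN_IF="${WAN_IF:-eth1}"                     # public NIC, MASQ lives here
LOCAL_NET="${LOCAL_NET:-192.168.1.0/24}"     # assumed local subnet
REMOTE_NET="${REMOTE_NET:-192.168.2.0/24}"   # assumed remote subnet
REMOTE_PEER="${REMOTE_PEER:-203.0.113.2}"    # assumed remote public IP

# Emit the rule set, one iptables command per line. Order in the nat table is
# the whole point: the tunnel exemption must precede MASQUERADE. Otherwise a
# packet for REMOTE_NET gets its source rewritten to the eth1 address before
# the IPsec policy is evaluated, no longer matches the tunnel selector
# (LOCAL_NET -> REMOTE_NET), and never enters the tunnel.
vpn_rules() {
    echo "iptables -F"
    echo "iptables -t nat -F"
    # Default deny in both directions the box handles for others.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # IKE (UDP 500), NAT-T (UDP 4500) and ESP from the remote peer only.
    echo "iptables -A INPUT -i $WAN_IF -s $REMOTE_PEER -p udp --dport 500 -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -s $REMOTE_PEER -p udp --dport 4500 -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -s $REMOTE_PEER -p esp -j ACCEPT"

    # Ping is ICMP, not TCP/UDP: a TCP/UDP-only allow list silently blocks it.
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT"

    # Decrypted tunnel traffic arrives on the public NIC as plain IP from
    # REMOTE_NET. "-m policy --pol ipsec" proves it really came through an SA
    # rather than being cleartext spoofed with a REMOTE_NET source.
    echo "iptables -A INPUT -i $WAN_IF -m policy --dir in --pol ipsec -s $REMOTE_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -m policy --dir in --pol ipsec -s $REMOTE_NET -d $LOCAL_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -s $LOCAL_NET -d $REMOTE_NET -j ACCEPT"

    # Ordinary LAN -> Internet forwarding.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LOCAL_NET -j ACCEPT"

    # NAT: exempt tunnel traffic FIRST, then masquerade everything else.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LOCAL_NET -d $REMOTE_NET -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LOCAL_NET -j MASQUERADE"
}

# Check the ordering the nat table requires: the exemption for REMOTE_NET must
# appear before MASQUERADE in POSTROUTING. Returns 0 when the order is right.
nat_order_ok() {
    rules=$(vpn_rules | grep 'POSTROUTING')
    ex=$(printf '%s\n' "$rules" | grep -n -- "-d $REMOTE_NET -j ACCEPT" | cut -d: -f1)
    mq=$(printf '%s\n' "$rules" | grep -n -- 'MASQUERADE' | cut -d: -f1)
    [ -n "$ex" ] && [ -n "$mq" ] && [ "$ex" -lt "$mq" ]
}

vpn_rules
```

To apply on the gateway run `sh rules.sh | sudo sh`; to verify the ordering after loading, `iptables -t nat -L POSTROUTING -n --line-numbers` should list the ACCEPT for the remote subnet above MASQUERADE. On the MASQ-versus-SNAT question: MASQUERADE picks up the outgoing interface's address at packet time and forgets its connection-tracking state when the interface goes down, which suits a dynamic address; with a fixed public IP, `-j SNAT --to-source <public ip>` keeps existing translations across a link flap, and the same exemption rule is needed in front of it.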