Mailinglist Archive: opensuse-security (300 mails)
Re: [suse-security] IP Tunnel in only one direction possible
- From: telest@xxxxxxx
- Date: Wed, 23 Apr 2003 10:09:13 +0200 (MEST)
- Message-id: <29972.1051085353@xxxxxxxxxxxxx>
|-----Original Message-----
|From: Ray Leach [mailto:raymondl@xxxxxxxxxxxxxxxxxxxxxx]
|Sent: Wednesday, 23 April 2003 09:25
|To: SuSE Security
|Subject: Re: [suse-security] IP Tunnel in only one direction possible
|
|
|Hi
|
|The fact that you can use PCAnywhere from Net1 to Net2 requires traffic
|flow in both directions, right?
Yes, this is correct and I'm very confused about this.
|
|So, the problem is not likely to be routing, but probably something like
|a stray PREROUTING/POSTROUTING rule.
Where can I find the rules?
|
|Ray
|
|On Wed, 2003-04-23 at 09:06, Thomas Kerkau wrote:
|> Hi Peter,
|>
|> this might be due to your iptables configuration. It is unlikely to be
|> due to your ipsec or routing config, cause it works in one direction. I
|> would try to take down iptables, if possible. This is not secure but a
|> quick test. Maybe you take a look at your iptables configuration first,
|> and compare FW1 and FW2, keeping in mind that FW2 has an external ethX
|> and a pppX interface.
|> Some further ideas:
|> Maybe you try to use tcpdump on FW2, looking for the packets from Net2 or
|> enable logging for all packets with iptables.
|>
|> Hope this helps a little but it is very difficult to guess what might be
|> wrong,
|>
|> Thomas
|>
|>
|> > I have a big problem, that today the VPN tunnel is only usable in one
|> > direction.
|> >
|> > NET(1) --- FW1/VPN Gateway ---- internet ---- FW2 / VPN Gateway ---- NET(2)
|> >
|> > I can ping from NET1 to NET2 and get replies. (I also can use different
|> > other things like pcanywhere, file access to the pc's on net2,...)
|> >
|> > I cannot ping from NET2 to NET1. There is nothing in the logfiles. I can
|> > only see on the interface statistics that the 4 ping packets are dropped.
|> >
|> > I use on both sides:
|> > Freeswan 1.98b
|> > iptables
|> > Suse Linux 8.0
|> >
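The replies above point at the PREROUTING/POSTROUTING rules and at comparing FW1 with FW2. As an added example (not written by any poster in this thread), the script below extracts the nat-table PREROUTING/POSTROUTING rules from two `iptables-save` dumps and prints the rules that exist on only one gateway. The dumps, interface names and addresses are constructed, and `nat_rules` and `only_in_first` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed iptables-save dumps; every rule and address below is made up.
FW1_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p icmp -j ACCEPT
COMMIT'
FW2_DUMP='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -j MARK --set-mark 1
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p icmp -j DNAT --to-destination 192.0.2.10
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# Print the nat-table PREROUTING/POSTROUTING rules from a dump on stdin.
# $1 is that gateway's external interface; it is rewritten to EXT so that
# an ethX gateway and a pppX gateway can be compared line by line.
nat_rules() {
    awk -v ext="$1" '
        /^\*/ { in_nat = ($0 == "*nat"); next }   # table header line
        in_nat && /^-A (PREROUTING|POSTROUTING) / {
            for (i = 1; i <= NF; i++) if ($i == ext) $i = "EXT"
            print
        }'
}

# Print the rules in list $1 that do not appear in list $2.
only_in_first() {
    printf '%s\n' "$2" '--' "$1" | awk '
        $0 == "--" { checking = 1; next }   # separator between the two lists
        !checking  { seen[$0] = 1; next }   # remember every rule of list $2
        $0 != "" && !($0 in seen) { print }'
}

fw1=$(printf '%s\n' "$FW1_DUMP" | nat_rules eth1)
fw2=$(printf '%s\n' "$FW2_DUMP" | nat_rules ppp0)
echo "nat rules only on FW1:"; only_in_first "$fw1" "$fw2"
echo "nat rules only on FW2:"; only_in_first "$fw2" "$fw1"
```

On a live gateway the input would be the output of `iptables-save` run as root on each firewall, saved to a file and fed to `nat_rules` on stdin.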