|-----Original Message-----
|From: Ray Leach [mailto:raymondl@knowledgefactory.co.za]
|Sent: Wednesday, 23 April 2003 09:25
|To: SuSE Security
|Subject: Re: [suse-security] IP Tunnel in only one direction possible
|
|
|Hi
|
|The fact that you can use PCAnywhere from Net1 to Net2 requires traffic
|flow in both directions, right?

Yes, this is correct and I'm very confused about this.

|
|So, the problem is not likely to be routing, but probably something like
|a stray PREROUTING/POSTROUTING rule.

Where can I find the rules?

|
|Ray
|
|On Wed, 2003-04-23 at 09:06, Thomas Kerkau wrote:
|> Hi Peter,
|>
|> this might be due to your iptables configuration. It is unlikely to be
|> due to your ipsec or routing config, because it works in one direction. I
|> would try to take down iptables, if possible. This is not secure but a
|> quick test. Maybe you take a look at your iptables configuration first,
|> and compare FW1 and FW2, keeping in mind that FW2 has an external ethX
|> and a pppX interface.
|> Some further ideas:
|> Maybe you try to use tcpdump on FW2, looking for the packets from Net2 or
|> enable logging for all packets with iptables.
|>
|> Hope this helps a little but it is very difficult to guess what might be
|> wrong,
|>
|> Thomas
|>
|>
|> > I have a big problem, that today the VPN tunnel is only usable in one
|> > direction.
|> >
|> > NET(1) --- FW1/VPN Gateway ---- internet ---- FW2 / VPN Gateway ---- NET(2)
|> >
|> > I can ping from NET1 to NET2 and get replies. (I also can use different
|> > other things like pcanywhere, file access to the pc's on net2,...)
|> >
|> > I cannot ping from NET2 to NET1. There is nothing in the logfiles. I can
|> > only see on the interface statistics that the 4 ping packets are dropped.
|> >
|> > I use on both sides:
|> > Freeswan 1.98b
|> > iptables
|> > Suse Linux 8.0
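Added example (not written by Peter, Ray or Thomas, and not from any of their gateways): where the PREROUTING/POSTROUTING rules Ray refers to live, the tcpdump and LOG commands Thomas suggests, and a small check over an iptables-save dump for one known FreeS/WAN 1.x pitfall. With KLIPS the plaintext packet for the remote subnet is routed out ipsec0 and crosses nat/POSTROUTING on that hop before it is encrypted, so a MASQUERADE or SNAT rule that is not tied to the physical external interface (or does not exclude the remote subnet) rewrites its source address, and the tunnel then only appears to work in one direction. The subnet addresses and both dumps are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Checks an iptables-save dump for NAT rules
# that can catch tunnel traffic on the ipsec0 hop (FreeS/WAN 1.x / KLIPS).
LOCAL_NET="192.168.1.0/24"    # assumed NET(1) behind FW1
REMOTE_NET="192.168.2.0/24"   # assumed NET(2) behind FW2

# On the live gateways (run on FW1 and FW2 and compare the two):
#   iptables -t nat -L -v -n --line-numbers     # nat table: PREROUTING/POSTROUTING rules
#   iptables -L -v -n --line-numbers            # filter table: tunnel traffic crosses FORWARD
#   iptables-save > /tmp/rules.txt              # every table in one dump; feed it to the check below
#   tcpdump -n -i ipsec0 icmp                   # plaintext view of what the tunnel carries
#   tcpdump -n -i ppp0 esp                      # does ESP from the peer arrive at all?
#   iptables -I FORWARD 1 -i ipsec0 -j LOG --log-prefix "vpn-in: "   # log what the tunnel delivers

# Walk nat/POSTROUTING in table order for a packet src -> dst leaving via ipsec0,
# print every rule that can match it; the first terminating target decides.
tunnel_postrouting_trace() {
    awk -v src="$1" -v dst="$2" '
    /^\*/ { table = substr($0, 2) }
    table == "nat" && /^:POSTROUTING / { policy = $2 }
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && !done {
        s = ""; d = ""; o = ""; negd = 0; tgt = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") s = $(i + 1)
            else if ($i == "-d") { if ($(i + 1) == "!") { negd = 1; d = $(i + 2) } else d = $(i + 1) }
            else if ($i == "!" && $(i + 1) == "-d") { negd = 1; d = $(i + 2) }   # newer "! -d" syntax
            else if ($i == "-o") o = $(i + 1)
            else if ($i == "-j") tgt = $(i + 1)
        }
        src_ok = (s == "" || s == src)
        dst_ok = (d == "" || (negd ? d != dst : d == dst))
        out_ok = (o == "" || o ~ /^ipsec/)      # "-o ppp0" or "-o eth0" cannot match the ipsec0 hop
        if (src_ok && dst_ok && out_ok) {
            print "match:   " $0
            if (tgt == "ACCEPT" || tgt == "SNAT" || tgt == "MASQUERADE") { verdict = tgt; done = 1 }
        }
    }
    END { print "verdict: " (done ? verdict : policy " (chain policy)") }'
}

# Just the deciding target: ACCEPT means the tunnel packet is left alone,
# SNAT/MASQUERADE means its source address gets rewritten before encryption.
tunnel_postrouting_verdict() {
    tunnel_postrouting_trace "$1" "$2" | sed -n 's/^verdict: \([A-Z]*\).*/\1/p'
}

# Constructed iptables-save output (not from the poster's machines). The second
# MASQUERADE has no -o, so it also fires on the ipsec0 hop.
sample_dump_broken() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i ipsec0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o ipsec0 -j ACCEPT
COMMIT
EOF
}

# Same gateway with traffic for the remote subnet excluded from NAT (constructed).
sample_dump_fixed() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.2.0/24 -j MASQUERADE
COMMIT
EOF
}

for dump in sample_dump_broken sample_dump_fixed; do
    echo "== $dump"
    $dump | tunnel_postrouting_trace "$LOCAL_NET" "$REMOTE_NET"
done
```

On a real box replace the sample functions with `iptables-save | tunnel_postrouting_trace 192.168.1.0/24 192.168.2.0/24` on each gateway, with the subnets swapped on FW2. The check only covers the POSTROUTING hop; a stray DNAT in PREROUTING on the receiving side or a FORWARD policy without the `-i ipsec0` rule would still have to be read off the `iptables -L -v -n` output by hand.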