On Thursday, 16. August 2001 14:26, egger@mlcomputing.de wrote:
Hi!
My _test_ - LAN looks like this:
192.168.2.0/24
| Host1 with 192.168.2.1
Gateway (eth0) with 192.168.2.91 Gateway (eth1)
Internet
Gateway (eth1) with firewall Gateway (eth0) with 10.0.1.10
| Host2 with 10.0.1.21
10.0.1.0/24
I can do a ping from 192.168.2.1 to 10.0.1.10, but not to 10.0.1.21 and vice versa.
/proc/sys/net/ipv4/conf/*/rp_filter are set to "0". /proc/sys/net/ipv4/ip_forward is set to "1".
SuSE Linux 7.2 is installed on both gateways.
routed is running on both gateways, producing these firewall logs:
---------------------------------------------------------------------------
.....
Packet log: input DENY eth0 PROTO=17 10.0.1.10:520 10.0.1.255:520 L=52 S=0x00 I=0 F=0x4000 T=64 (#5)
[Same for eth1 with official addresses]
---------------------------------------------------------------------------
I use my own _updown.local script to set up the firewall rules:
---------------------------------------------------------------------------
up-client:)
    ipchains -I forward -j ACCEPT -b \
        -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
        -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
    ;;
down-client:)
    ipchains -D forward -j ACCEPT -b \
        -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
        -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
    ;;
---------------------------------------------------------------------------
What do you think might be the problem?
I forgot to mention that the SuSE firewall 7.2 definitely causes my problem. FreeSWAN works fine for me as long as the firewall is down. But calling "/etc/init.d/SuSEfirewall_init start" and restarting FreeSWAN to not lose its firewall rules already causes my problem.
--
CU, Christoph
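
Added example, not part of the original message: a small parser for ipchains "Packet log" lines that picks out denied packets an IPsec tunnel depends on (IP protocols 50 and 51, UDP port 500) and separates them from RIP broadcasts on UDP port 520 like the one quoted above. The first sample line is the one from the message; the other two are constructed, use documentation addresses, and assume the same field layout with an optional port.

```python
import re

# Layout as in the quoted line:
# Packet log: <chain> <target> <iface> PROTO=<n> <src>[:port] <dst>[:port] ... (#<rule>)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r".*\(#(?P<rule>\d+)\)")

def classify(proto, sport, dport):
    """Name the traffic class from the IP protocol number and UDP ports."""
    if proto == 50:
        return "ipsec-esp"
    if proto == 51:
        return "ipsec-ah"
    if proto == 17 and 500 in (sport, dport):
        return "ipsec-ike"
    if proto == 17 and 520 in (sport, dport):
        return "rip"
    return "other"

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    rec["kind"] = classify(rec["proto"], rec["sport"], rec["dport"])
    return rec

def denied_ipsec(lines):
    """Records for dropped packets that the tunnel itself needs."""
    recs = (parse_line(line) for line in lines)
    return [r for r in recs if r and r["target"] in ("DENY", "REJECT")
            and r["kind"].startswith("ipsec-")]

SAMPLE = [
    # From the message above (RIP broadcast sent by routed).
    "Packet log: input DENY eth0 PROTO=17 10.0.1.10:520 10.0.1.255:520 L=52 S=0x00 I=0 F=0x4000 T=64 (#5)",
    # Constructed lines: ESP and IKE between two documentation addresses.
    "Packet log: input DENY eth1 PROTO=50 198.51.100.1:65535 192.0.2.1:65535 L=136 S=0x00 I=4711 F=0x0000 T=60 (#5)",
    "Packet log: input DENY eth1 PROTO=17 198.51.100.1:500 192.0.2.1:500 L=108 S=0x00 I=4712 F=0x0000 T=60 (#5)",
]

if __name__ == "__main__":
    for r in denied_ipsec(SAMPLE):
        print(r["kind"], r["chain"], r["iface"], r["src"], "->", r["dst"], "rule", r["rule"])
```

Feeding the gateway's kernel log through `denied_ipsec` shows which chain and rule number drops tunnel traffic; lines classified as `rip` only show that routed's broadcasts are being filtered.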