ewheeler,AT,kaico,DOT,com wrote:
>
>your firewall rules. Next, do this:
>
> iptables -F
> iptables -t nat -F
> ipchains -F
>
>
>Once you've flushed ipchains (for the 2.2.x kernel) and iptables (for the
>2.4.x kernel) try your connections again.
>
>~hopefully~ all will work right. If it works fine with the tables
>
Yes, it's one of the first things I have done. But flushing the tables
gave me exactly the same messages (!!). So I think 2.4.4 iptables are buggy.
As this firewall wants to masquerade anyway, I've put 'vpnd' behind it
on a 2.2.17 box and it works perfectly.
Maybe one day, after a kernel upgrade, I'll try cipe or vpnd on this
2.4.x system.
Also, '/sbin/iptables -L -n -v -t nat' gives:
Chain PREROUTING (policy ACCEPT 325869 packets, 35462080 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 455466 packets, 37783009 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5414  364K MASQUERADE  all  --  *      ppp0    192.168.1.0/24       0.0.0.0/0
  442 21112 MASQUERADE  all  --  *      ppp0    192.168.2.0/24       0.0.0.0/0
Chain OUTPUT (policy ACCEPT 455327 packets, 37756776 bytes)
 pkts bytes target     prot opt in     out     source               destination
-----
As you can see, 'out=ppp0' and not '*' so it should masquerade only
packets going out through ppp0 not cipcb0. So 'iptables -t nat -I
POSTROUTING 1 -d 192.168.X.0/24 -j RETURN' should not be needed....(bug ?)
Best regards,
Ludovic Drolez.
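As an added example (not part of the thread above), the following Python script parses the `iptables -L -n -v -t nat` listing from the post and walks the POSTROUTING chain for a few constructed packets. It makes the point of the post checkable: a rule with `out=ppp0` cannot match a packet leaving through `cipcb0`, so tunnel traffic is not masqueraded by those rules, while the `-d 192.168.X.0/24 -j RETURN` rule only changes the outcome for a packet to the remote LAN that for some reason leaves via `ppp0` (for instance while the tunnel is down and the default route takes over). The matching model is deliberately simplified (protocol, in/out interface with `*` as wildcard, source and destination prefixes); the interface names, packet addresses and the re-joined listing are constructed sample data.

```python
"""Walk an iptables nat POSTROUTING chain for sample packets.

Added illustration, not code from the original thread. The rule model
is simplified: it knows protocol ('all' matches anything), in/out
interface ('*' is a wildcard) and source/destination CIDR prefixes.
"""
import ipaddress
import re

# Constructed sample: the nat listing from the post, one line per rule
# (the mail client had wrapped the 'destination' column onto its own line).
SAMPLE_LISTING = """\
Chain PREROUTING (policy ACCEPT 325869 packets, 35462080 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 455466 packets, 37783009 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5414  364K MASQUERADE  all  --  *      ppp0    192.168.1.0/24       0.0.0.0/0
  442 21112 MASQUERADE  all  --  *      ppp0    192.168.2.0/24       0.0.0.0/0
Chain OUTPUT (policy ACCEPT 455327 packets, 37756776 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)")


def parse_nat_listing(text):
    """Return {chain: {"policy": str, "rules": [rule dicts in chain order]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        fields = line.split()
        # Skip blank lines, the column header and anything that was wrapped.
        if current is None or len(fields) < 9 or fields[0] == "pkts":
            continue
        _pkts, _bytes, target, prot, _opt, inp, out, src, dst = fields[:9]
        chains[current]["rules"].append({
            "target": target, "prot": prot, "in": inp, "out": out,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
        })
    return chains


def rule_matches(rule, packet):
    """Simplified iptables match; interface '*' and prot 'all' are wildcards."""
    if rule["prot"] not in ("all", packet["prot"]):
        return False
    if rule["in"] != "*" and rule["in"] != packet["in"]:
        return False
    if rule["out"] != "*" and rule["out"] != packet["out"]:
        return False
    return (ipaddress.ip_address(packet["src"]) in rule["src"]
            and ipaddress.ip_address(packet["dst"]) in rule["dst"])


def verdict(chain, packet):
    """First matching rule wins; RETURN in a built-in chain means the policy."""
    for rule in chain["rules"]:
        if rule_matches(rule, packet):
            return chain["policy"] if rule["target"] == "RETURN" else rule["target"]
    return chain["policy"]


def add_return_rule(chains, dst_cidr):
    """Model `iptables -t nat -I POSTROUTING 1 -d <cidr> -j RETURN`."""
    chains["POSTROUTING"]["rules"].insert(0, {
        "target": "RETURN", "prot": "all", "in": "*", "out": "*",
        "src": ipaddress.ip_network("0.0.0.0/0"),
        "dst": ipaddress.ip_network(dst_cidr),
    })
    return chains


# Constructed packets: LAN host to the Internet, LAN host to the remote LAN
# over the cipe interface, and the same remote-LAN packet if it ever left
# via ppp0 (e.g. tunnel down, default route used instead).
TO_INTERNET = {"prot": "tcp", "in": "eth0", "out": "ppp0",
               "src": "192.168.1.10", "dst": "198.51.100.7"}
OVER_TUNNEL = {"prot": "tcp", "in": "eth0", "out": "cipcb0",
               "src": "192.168.1.10", "dst": "192.168.2.20"}
REMOTE_VIA_PPP = {"prot": "tcp", "in": "eth0", "out": "ppp0",
                  "src": "192.168.1.10", "dst": "192.168.2.20"}


def postrouting_verdicts(listing=SAMPLE_LISTING, return_for=None):
    """Verdict per sample packet, optionally with the RETURN rule inserted."""
    chains = parse_nat_listing(listing)
    if return_for:
        add_return_rule(chains, return_for)
    chain = chains["POSTROUTING"]
    return {name: verdict(chain, pkt) for name, pkt in
            (("to_internet", TO_INTERNET), ("over_tunnel", OVER_TUNNEL),
             ("remote_via_ppp", REMOTE_VIA_PPP))}


if __name__ == "__main__":
    print("as listed:       ", postrouting_verdicts())
    print("with RETURN rule:", postrouting_verdicts(return_for="192.168.2.0/24"))
```

Run it as-is and the `over_tunnel` packet is accepted unmodified by the rules exactly as pasted, which is the behaviour Ludovic expects from `out=ppp0`; only the `remote_via_ppp` case flips from MASQUERADE to ACCEPT once the RETURN rule is inserted, which is what that rule is actually for.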