Hello Geert, You need to look at your complete iptables rule set (`iptables-save`). It seems like you're not familiar with it, so learn about it. And please keep it on the mailing list.
On 31.05.2016 15:02, Geert Geurts wrote: > OK... that was a bit too early.... > The FORWARD chain had policy ACCEPT, putting a "iptables -A FORWARD > --reject-with icmp-host-prohibited" brings me back to the previous... > But I don't get it... > Bringing up the connection adds 2 rules to the FORWARD chain, one "dir > in pol ipsec reqid 4 proto esp" and one "dir out pol ipsec reqid 4 > proto esp", even adding a rule for "-s 10.1.0.0/24 -J ACCEPT" doesn't > seem to catch the trafic... > Any ideas? > > > > On Tue, May 31, 2016 at 2:45 PM, Geert Geurts <[email protected]> wrote: >> > SWEET!!! >> > iptables -a FORWARD -s 10.1.0.0/24 -j ACCEPT >> > >> > Live can be so simple!!! >> > >> > Thanks! >> > >> > On Tue, May 31, 2016 at 2:41 PM, Geert Geurts <[email protected]> >> > wrote: >>> >> Hi Noel! >>> >> Probably you're right!! :D >>> >> I only don't have an idea how to see this or how to test this. Could >>> >> you please advice? >>> >> >>> >> Thanks!! >>> >> >>> >> Regards, >>> >> Geert >>> >> >>> >> On Tue, May 31, 2016 at 2:38 PM, Noel Kuntze <[email protected]> >>> >> wrote: >>>> >>> Hello Geert, >>>> >>> >>>> >>> On 31.05.2016 14:29, Geert Geurts wrote: >>>>> >>>> Problem is trying to ping google.nl from CLIENT, I get a response >>>>> >>>> from >>>>> >>>> 1.2.3.4 "Destination Host Prohibited". >>>> >>> >>>> >>> That looks like your iptables rules prohibit forwarding of IP packets >>>> >>> to that host. >>>> >>> >>>> >>> Configure your iptables rules correctly and check any firewall you >>>> >>> operate on the network path >>>> >>> >>>> >>> to google.nl. >>>> >>> >>>> >>> -- >>>> >>> >>>> >>> Mit freundlichen Grüßen/Kind Regards, >>>> >>> Noel Kuntze >>>> >>> >>>> >>> GPG Key ID: 0x63EC6658 >>>> >>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >>>> >>> >>>> >>> -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
