On Wednesday 13 August 2003 12:42, Miro Jurisic wrote:
> >Could you post your configuration?
>
> The ping is going from 18.101.2.221 to 18.72.0.3, and the following
> two lines are the outgoing and incoming ESP packets for the ping.
>
> IN= OUT=eth1 SRC=65.96.190.200 DST=18.7.14.134 LEN=136 TOS=0x00
> PREC=0x00 TTL=64 ID=16725 PROTO=ESP SPI=0xc64a3155
> IN=eth1 OUT= MAC=00:05:02:f6:e9:1a:00:0b:5f:ee:2e:70:08:00
> SRC=18.7.14.134 DST=65.96.190.200 LEN=136 TOS=0x00 PREC=0x00 TTL=59
> ID=35754 PROTO=ESP SPI=0x51c85c4a

I've been looking over the KLIPS output to confirm your observation: that ESP packets are incoming on eth1, but you're never seeing so much as a blip in the KLIPS output. I do see packets getting logged by the FORWARD chain in your logs, but no LOG output like that you point out above.

Your input rule appears valid - and aside from the prot !4 part, identical to your FORWARD rule, but that shouldn't matter:

Chain INPUT (policy ACCEPT 57118 packets, 53M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1307  179K LOG        !4   --  eth1   *       18.7.14.134          0.0.0.0/0          LOG flags 0 level 4

... so shouldn't we be seeing those reply ESP packets LOGged as you show above, as well as those from the (similar) OUTPUT chain LOG rule?

-- 
Sam Sgro
[EMAIL PROTECTED]
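
Added example, not part of the original message or of FreeS/WAN: a small Python script that reads netfilter LOG lines like the two quoted above, classifies each by which of IN=/OUT= is filled in, and reports whether ESP was logged in both directions and with which SPIs. The third sample line and the interface names ipsec0/eth0 in it are constructed for contrast.

```python
import re
from collections import Counter

# Constructed sample: the two ESP lines quoted in the message, plus one
# invented forwarded ICMP line (interface names ipsec0/eth0 are assumptions).
SAMPLE = """\
IN= OUT=eth1 SRC=65.96.190.200 DST=18.7.14.134 LEN=136 TOS=0x00 PREC=0x00 TTL=64 ID=16725 PROTO=ESP SPI=0xc64a3155
IN=eth1 OUT= MAC=00:05:02:f6:e9:1a:00:0b:5f:ee:2e:70:08:00 SRC=18.7.14.134 DST=65.96.190.200 LEN=136 TOS=0x00 PREC=0x00 TTL=59 ID=35754 PROTO=ESP SPI=0x51c85c4a
IN=ipsec0 OUT=eth0 SRC=18.72.0.3 DST=18.101.2.221 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=1
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    return dict(FIELD.findall(line))

def direction(fields):
    """Classify by which interface fields the LOG target filled in."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "forward"    # both set: packet was routed through the box
    if has_in:
        return "inbound"    # IN only: packet addressed to the box itself
    if has_out:
        return "outbound"   # OUT only: packet generated locally
    return "unknown"

def esp_summary(text):
    """Count ESP packets per (direction, SRC, DST, SPI)."""
    seen = Counter()
    for line in text.splitlines():
        f = parse(line)
        if f.get("PROTO") == "ESP":
            seen[(direction(f), f.get("SRC"), f.get("DST"), f.get("SPI"))] += 1
    return seen

def missing_directions(summary):
    """Directions (inbound/outbound) for which no ESP packet was logged."""
    present = {key[0] for key in summary}
    return [d for d in ("inbound", "outbound") if d not in present]

if __name__ == "__main__":
    summary = esp_summary(SAMPLE)
    for (way, src, dst, spi), n in sorted(summary.items()):
        print(f"{way:8} {src} -> {dst} SPI={spi} x{n}")
    print("no ESP logged for:", missing_directions(summary) or "none")
```

An empty result from missing_directions means the LOG rules caught ESP both leaving and arriving, so any remaining loss is after the packet reached the local stack rather than on the wire.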