Gentoo Forums
kernel dropping silently port forwarding on port 500[SOLVED]
OPelerin
Guru


Joined: 17 Jul 2004
Posts: 334
Location: Belgium

Posted: Wed Dec 12, 2012 10:11 am    Post subject: kernel dropping silently port forwarding on port 500[SOLVED]

Packets on port 53 are properly forwarded - same thing for port 6666.

ironmaiden tmp # iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT

iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 172.16.0.1
-A PREROUTING -p udp -m udp --dport 6666 -j DNAT --to-destination 172.16.0.1
-A PREROUTING -p udp -m udp --dport 500 -j DNAT --to-destination 172.16.0.1
-A PREROUTING -p udp -m udp --dport 4500 -j DNAT --to-destination 172.16.0.1
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/24 -o wlan0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE


My kernel 3.6.6 has IPsec built in.

The strongSwan service is stopped. How can I overcome this problem without disabling IPsec in my kernel? [The kernel is silently dropping UDP 500 instead of forwarding it.]
_________________
Olivier PELERIN


Last edited by OPelerin on Tue Dec 18, 2012 9:57 am; edited 1 time in total
cach0rr0
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

Posted: Sat Dec 15, 2012 10:28 am    Post subject:

For me, I had to disable my masquerading rules, as they screwed everything up,
and then let strongSwan do its own iptables configuration.

I don't have any definitive ideas. Doc is sparse, and this seems to be foreign territory. But once I nuked my masquerading rules, and instead let strongSwan set up networks (it actually does have the ability to modify iptables), things worked just dandy.

Don't know how helpful that is, YMMV.
OPelerin
Guru


Joined: 17 Jul 2004
Posts: 334
Location: Belgium

Posted: Tue Dec 18, 2012 9:57 am    Post subject:

Found the issue. It was because of Reverse Path forwarding checks turned on. That stuff was silently discarding the packet [I had asymmetric routing between Wlan and Eth0].
_________________
Olivier PELERIN
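
The cause named in the last post can be checked per interface. The script below is an added example, not code from the thread: it reports the effective rp_filter mode and whether martian logging is on for each interface. The function names and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective reverse-path filter mode per interface.
# The optional ROOT argument (hypothetical, for running against a constructed
# copy of the sysctl tree) defaults to the live /proc/sys/net/ipv4/conf.

# Read one setting, treating a missing or unreadable file as 0.
read_conf() {  # read_conf ROOT IFACE KEY
    if [ -r "$1/$2/$3" ]; then cat "$1/$2/$3"; else echo 0; fi
}

# The kernel applies max(conf/all/KEY, conf/IFACE/KEY) for rp_filter, and
# enables log_martians if either one is set, so the maximum covers both keys.
effective_conf() {  # effective_conf ROOT IFACE KEY
    all=$(read_conf "$1" all "$3")
    own=$(read_conf "$1" "$2" "$3")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# Print "IFACE MODE log_martians=N" for every interface. Strict mode is the
# one that discards a packet arriving on an interface other than the one the
# best route back to its source uses (the asymmetric-routing case).
rp_filter_report() {  # rp_filter_report [ROOT]
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        mode=$(effective_conf "$root" "$iface" rp_filter)
        logm=$(effective_conf "$root" "$iface" log_martians)
        echo "$iface $(rp_mode_name "$mode") log_martians=$logm"
    done
}

rp_filter_report
```

An interface reported as strict with log_martians=0 drops such packets without any kernel log entry; with log_martians=1 the drops appear in the kernel log as martian source messages.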
All times are GMT