OK, I've given several more hours (thrashing about wildly, in most cases)
and have got slightly further in that I am now at least getting a reply from
the server. Below are the net and ip outputs, together with the log window
from the Cisco client (in case it means anything to anyone).

Sorry for only saying this now, but it could possibly be a problem with the
client/server - I only got the software installed on the last day before we
closed for the holidays. I'll therefore try to give it a go connecting
direct to my cable modem - unfortunately this is a lengthy process since the
ISP holds the lease (with MAC address) of the firewall/router for about 4-5
hours and doesn't let another device connect! Will therefore have to wait
for a 10 hour window when my better half doesn't want to use the
PC..........Wednesday, perhaps!!



net ipfilter list
Chain input (policy DENY: 4 packets, 782 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
source                destination           ports
    0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             5 ->   *
    0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             13 ->   *
    0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             14 ->   *
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0              0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
255.255.255.255      0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
127.0.0.0/8          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
224.0.0.0/4          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
10.0.0.0/8           0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
172.16.0.0/12        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.168.0.0/16       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0/8            0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
128.0.0.0/16         0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
191.255.0.0/16       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.0.0.0/24         0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
223.255.255.0/24     0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
240.0.0.0/4          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.168.1.0/24       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.168.2.0/24       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
81.98.149.194        0.0.0.0/0             n/a
    0     0 REJECT     all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            127.0.0.0/8           n/a
    0     0 REJECT     all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            192.168.1.0/24        n/a
    0     0 REJECT     all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            192.168.2.0/24        n/a
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138:139
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:138 ->   *
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:139 ->   *
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
    0     0 ACCEPT     udp  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             10000 ->   10000
    5  4972 ACCEPT     udp  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             500 ->   500
    0     0 ACCEPT     50   ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 ACCEPT     tcp  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             1723 ->   *
    0     0 ACCEPT     47   ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   113
    9   522 ACCEPT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   1024:65535
    0     0 REJECT     udp  ----l- 0xFF 0x00  eth0
 0.0.0.0/0            0.0.0.0/0             * ->   161:162
    0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   53
    0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   68
    0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   500
    0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   10000
    0     0 DENY       udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   67
    0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   1024:65535
    0     0 ACCEPT     icmp ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   *
    0     0 ACCEPT     ospf ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 ACCEPT     50   ------ 0xFF 0x00  eth0
0.0.0.0/0            81.98.149.194         n/a
    0     0 ACCEPT     47   ------ 0xFF 0x00  eth0
0.0.0.0/0            81.98.149.194         n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 REJECT     udp  ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             * ->   161:162
    0     0 REJECT     udp  ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             161:162 ->   *
   26  1629 ACCEPT     all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
source                destination           ports
    0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             5 ->   *
   12  4563 MASQ       all  ------ 0xFF 0x00  eth0
192.168.1.0/24       0.0.0.0/0             n/a
    0     0 MASQ       all  ------ 0xFF 0x00  eth0
192.168.2.0/24       0.0.0.0/0             n/a
    0     0 MASQ       udp  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             10000 ->   10000
    0     0 MASQ       udp  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             500 ->   500
    0     0 MASQ       50   ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 MASQ       tcp  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             * ->   1723
    0     0 MASQ       47   ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 DENY       all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
Chain output (policy DENY: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
source                destination           ports
   45 25520 fairq      all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0              0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
255.255.255.255      0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
127.0.0.0/8          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
224.0.0.0/4          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
10.0.0.0/8           0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
172.16.0.0/12        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.168.0.0/16       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0/8            0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
128.0.0.0/16         0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
191.255.0.0/16       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.0.0.0/24         0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
223.255.255.0/24     0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
240.0.0.0/4          0.0.0.0/0             n/a
    0     0 DENY       all  ------ 0xFF 0x00  eth0
192.168.1.0/24       0.0.0.0/0             n/a
    0     0 DENY       all  ------ 0xFF 0x00  eth0
192.168.2.0/24       0.0.0.0/0             n/a
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138:139
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:138 ->   *
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:139 ->   *
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
    5  4972 ACCEPT     udp  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             500 ->   500
    0     0 ACCEPT     udp  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             10000 ->   10000
    0     0 ACCEPT     50   ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 ACCEPT     tcp  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             * ->   1723
    0     0 ACCEPT     47   ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
   40 20548 ACCEPT     all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
Chain fairq (1 references):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
source                destination           ports
    0     0 RETURN     ospf ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 RETURN     ospf ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 RETURN     udp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             * ->   520
    0     0 RETURN     udp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             520 ->   *
    0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             * ->   179
    0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             179 ->   *
    0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             * ->   53
    0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             53 ->   *
    0     0 RETURN     udp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             * ->   53
    0     0 RETURN     udp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             53 ->   *
    0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x2
0.0.0.0/0            0.0.0.0/0             * ->   23
    0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x2
0.0.0.0/0            0.0.0.0/0             23 ->   *
    0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x2
0.0.0.0/0            0.0.0.0/0             * ->   22
    0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x2
0.0.0.0/0            0.0.0.0/0             22 ->   *
AutoFW:
Type Prot Low  High Vis  Hid  Where    Last     CPto CPrt Timer Flags
   1   11 1B3A-1C02/0000 0000 00000000 00000000 0006 1B9E      0    6
MarkFW:
fwmark   rediraddr               rport  pcnt  pref
PortFW:
prot localaddr            rediraddr               lport    rport  pcnt  pref

firewall: -root-
# ip addr
1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:a0:cc:d3:77:76 brd ff:ff:ff:ff:ff:ff
    inet 81.98.149.194/24 brd 255.255.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:a0:24:4b:4b:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:20:e0:ff:00:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.254/24 brd 192.168.2.255 scope global eth2

firewall: -root-
# ip route
192.168.2.0/24 dev eth2  proto kernel  scope link  src 192.168.2.254
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
81.98.149.0/24 dev eth0  proto kernel  scope link  src 81.98.149.194
default via 81.98.149.254 dev eth0

firewall: -root-
#




569    13:25:34.540  12/23/02  Sev=Info/6 DIALER/0x63300002
Initiating connection.

570    13:25:34.540  12/23/02  Sev=Info/4 CM/0x63100002
Begin connection process

571    13:25:34.590  12/23/02  Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet

572    13:25:34.590  12/23/02  Sev=Info/4 CM/0x63100026
Attempt connection with server "217.33.115.21"

573    13:25:34.590  12/23/02  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 217.33.115.21.

574    13:25:34.760  12/23/02  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID, VID) to
217.33.115.21

575    13:25:34.760  12/23/02  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

576    13:25:39.760  12/23/02  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 217.33.115.21

577    13:25:44.760  12/23/02  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 217.33.115.21

578    13:25:45.300  12/23/02  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 217.33.115.21

579    13:25:45.300  12/23/02  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO (NOTIFY:NO_PROPOSAL_CHOSEN) from 217.33.115.21

580    13:25:45.300  12/23/02  Sev=Warning/3 IKE/0xA3000058
Received malformed message or negotiation no longer active (message id:
0x00000000)

581    13:25:45.300  12/23/02  Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation

582    13:25:45.300  12/23/02  Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "217.33.115.21" because of
"DEL_REASON_IKE_NEG_FAILED"

583    13:25:45.300  12/23/02  Sev=Info/5 CM/0x63100029
Initializing CVPNDrv

584    13:25:45.360  12/23/02  Sev=Warning/3 DIALER/0xE3300008
GI VPNStart callback failed "CM_IKE_ESTABLISH_FAIL" (3h).

585    13:25:45.410  12/23/02  Sev=Info/4 IPSEC/0x63700014
Deleted all keys




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
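
Added example, not part of the original message: a small Python parser for the Cisco client log format shown above that re-joins the wrapped message lines and summarises the IKE exchange (retransmissions, time to the first reply, NOTIFY types, failure reason). The function names are assumptions made for this illustration, and the embedded sample is an excerpt built from entries 574-582 of the post.

```python
import re
from datetime import datetime

# Constructed sample: entries 574, 576, 577, 579 and 582 from the log in the post.
SAMPLE_LOG = """\
574    13:25:34.760  12/23/02  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID, VID) to
217.33.115.21
576    13:25:39.760  12/23/02  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 217.33.115.21
577    13:25:44.760  12/23/02  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 217.33.115.21
579    13:25:45.300  12/23/02  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO (NOTIFY:NO_PROPOSAL_CHOSEN) from 217.33.115.21
582    13:25:45.300  12/23/02  Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "217.33.115.21" because of
"DEL_REASON_IKE_NEG_FAILED"
"""

# Entry header: sequence number, time, date, severity/level, module/message id.
HEADER = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+(\d\d/\d\d/\d\d)\s+"
                    r"Sev=(\w+)/\d\s+(\w+)/0x[0-9A-Fa-f]+$")

def parse_entries(text):
    """Split the log into entries, re-joining message lines the mailer wrapped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            num, clock, date, sev, module = m.groups()
            ts = datetime.strptime(date + " " + clock, "%m/%d/%y %H:%M:%S.%f")
            entries.append({"id": int(num), "time": ts, "sev": sev,
                            "module": module, "msg": ""})
        elif line and entries:
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).lstrip()
    return entries

def summarize_ike(entries):
    """Condense the IKE exchange into the facts needed to triage a failed tunnel."""
    ike = [e for e in entries if e["module"] == "IKE"]
    sent = [e for e in ike if e["msg"].startswith("SENDING >>>")]
    recv = [e for e in ike if e["msg"].startswith("RECEIVING <<<")]
    delay = (recv[0]["time"] - sent[0]["time"]).total_seconds() if sent and recv else None
    return {
        "retransmissions": sum("(Retransmission)" in e["msg"] for e in sent),
        "seconds_to_first_reply": delay,
        "notifies": [n for e in recv for n in re.findall(r"NOTIFY:(\w+)", e["msg"])],
        "failure_reasons": [r for e in entries
                            for r in re.findall(r'because of "(\w+)"', e["msg"])],
    }
```

NO_PROPOSAL_CHOSEN is the ISAKMP notification a responder sends when it accepts none of the proposals the initiator offered, so a summary that shows a reply carrying it means the peer was reached and answered.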
