Hello,
 
The situation:
192.168.1.x = India office LAN
192.168.1.1 = Linux firewall with Vuurmuur and OpenSwan for VPN
192.168.1.2 = Server
 
192.168.70.x = Vancouver office LAN
192.168.70.1 = Linux firewall with Vuurmuur
192.168.70.29 = My workstation
 
There is a VPN between Mumbai and Vancouver. On the India side that
comes in via interface ipsec0
 
When I ping from Mumbai (server) to Vancouver (workstation) I see:
 
Apr 19 23:17:46 INAKFW001 kernel: vrmr: ACCEPT  IN=eth0 OUT=ipsec0
SRC=192.168.1.2 DST=192.168.70.29 LEN=60 TOS=0x00 PREC=0x00 TTL=127
ID=58266 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=27425

Apr 19 23:17:46 INAKFW001 kernel: vrmr: DROP fw policy IN=ipsec0
OUT=eth0 SRC=192.168.70.29 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00
TTL=125 ID=34743 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=27425
 
In the logview interface that shows as ping and ping reply. As you can
see the timestamp is within one second. Rule that should allow this
traffic:
 
# rule 28: Accept service any from WSBAS.Main.Vancouver_Zone to
Main.LAN_Zone options log,loglimit="20"
/sbin/iptables -t filter -A FORWARD -i ipsec0 -o eth0  -s
192.168.70.29/255.255.255.255  -d 192.168.1.0/255.255.255.0    -m state
--state NEW -j LOG --log-prefix "vrmr: ACCEPT  " --log-level debug
/sbin/iptables -t filter -A FORWARD -i ipsec0 -o eth0  -s
192.168.70.29/255.255.255.255  -d 192.168.1.0/255.255.255.0    -m state
--state NEW -j NEWACCEPT
 
# rule 29: Accept service any from Main.Vancouver_Zone to Main.LAN_Zone
options log,loglimit="20"
/sbin/iptables -t filter -A FORWARD -i ipsec0 -o eth0  -s
192.168.70.0/255.255.255.0  -d 192.168.1.0/255.255.255.0    -m state
--state NEW -j LOG --log-prefix "vrmr: ACCEPT  " --log-level debug
/sbin/iptables -t filter -A FORWARD -i ipsec0 -o eth0  -s
192.168.70.0/255.255.255.0  -d 192.168.1.0/255.255.255.0    -m state
--state NEW -j NEWACCEPT
 
Rule 29 is for testing.
 
What could be the cause? Are the SEQ numbers supposed to be the same?
 
Bas
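
An echo reply carries the same ICMP identifier and sequence number as the request it answers (RFC 792), so the ID=512 SEQ=27425 pair in both records above is exactly what ties the DROP to the ACCEPT. The following script is an added example, not something from the post or from Vuurmuur itself: it parses vrmr LOG records of the kind quoted above, pairs each echo reply with its request by mirrored SRC/DST plus ICMP ID/SEQ, and flags a reply that was dropped by the policy after its request was accepted. Since the ACCEPT rules quoted match only `--state NEW`, such a pairing points at conntrack not treating the reply as part of the existing flow rather than at the rule's address match. The log text is the two records from the post re-joined onto single lines (syslog wrapping from the mail removed) plus one constructed unmatched reply; field names such as ICMP_ID and IP_ID are the script's own.

```python
"""Pair ICMP echo requests with their replies in vrmr (iptables LOG) records.

Added example, not part of the original post. An echo reply repeats the
request's ICMP identifier and sequence number (RFC 792), so ICMP ID/SEQ
plus swapped SRC/DST is enough to tie the two log records together.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the two records from the post re-joined onto one line
# each, plus one constructed reply (SEQ=27426) whose request was never logged.
SAMPLE_LOG = """\
Apr 19 23:17:46 INAKFW001 kernel: vrmr: ACCEPT  IN=eth0 OUT=ipsec0 SRC=192.168.1.2 DST=192.168.70.29 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=58266 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=27425
Apr 19 23:17:46 INAKFW001 kernel: vrmr: DROP fw policy IN=ipsec0 OUT=eth0 SRC=192.168.70.29 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=125 ID=34743 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=27425
Apr 19 23:17:47 INAKFW001 kernel: vrmr: DROP fw policy IN=ipsec0 OUT=eth0 SRC=192.168.70.29 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=125 ID=34744 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=27426
"""

# Syslog prefix, then the vrmr verdict, an optional reason ("fw policy"),
# then the iptables KEY=VALUE fields starting at IN=.
HEADER_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: vrmr: "
    r"(?P<verdict>ACCEPT|DROP|REJECT)(?P<reason>[^=]*?) (?P<fields>IN=.*)$"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one vrmr log record into a flat dict, or None if it is not one."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "verdict": m["verdict"],
           "reason": m["reason"].strip()}
    seen_proto = False
    for key, value in re.findall(r"([A-Z]+)=(\S*)", m["fields"]):
        # ID appears twice in an ICMP record: before PROTO it is the IP header
        # ID, after PROTO it is the echo identifier. Keep the two apart.
        if key == "PROTO":
            seen_proto = True
        if key == "ID":
            key = "ICMP_ID" if seen_proto else "IP_ID"
        rec[key] = value
    return rec


def pair_echoes(log_text: str) -> List[Dict[str, object]]:
    """One finding per echo reply: was a request with the same ICMP ID/SEQ and
    mirrored addresses logged, and what verdicts did request and reply get?"""
    requests: Dict[Tuple[str, str, str, str], Dict[str, str]] = {}
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("PROTO") != "ICMP":
            continue
        if rec.get("TYPE") == "8":  # echo request
            requests[(rec["SRC"], rec["DST"], rec["ICMP_ID"], rec["SEQ"])] = rec
        elif rec.get("TYPE") == "0":  # echo reply: addresses are mirrored
            req = requests.get((rec["DST"], rec["SRC"], rec["ICMP_ID"], rec["SEQ"]))
            findings.append({
                "ts": rec["ts"],
                "seq": rec["SEQ"],
                "matched": req is not None,
                "request_verdict": req["verdict"] if req else None,
                "reply_verdict": rec["verdict"],
                # conntrack normally classifies the reply to a tracked echo
                # request as ESTABLISHED; a policy DROP of such a reply means
                # NEW-only ACCEPT rules never applied to it.
                "reply_dropped_after_accepted_request":
                    req is not None and req["verdict"] == "ACCEPT"
                    and rec["verdict"] == "DROP",
            })
    return findings


if __name__ == "__main__":
    for f in pair_echoes(SAMPLE_LOG):
        print(f)
```

Run it on a real /var/log/messages extract by passing the file contents instead of SAMPLE_LOG; only records whose SEQ shows up as both a TYPE=8 and a TYPE=0 are reported as matched.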
 
_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users