On Thursday, 21 April 2005 14:57, Herbert Xu wrote:
> Wolfgang Walter <wolfgang.walter@xxxxxxxxxxxxxxxxxxxx> wrote:
> > 5. then it disappears (it is NOT dropped by iptables)
> > especially it is not seen in FORWARD (mangle-table).
> >
> > The route to E on C is a host route via 10.148.15.10.
>
> Please show us the output of "ip ru" and "ip ro".
>
ip ru
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
> > src 10.148.4.0/28 dst 10.0.25.210/32
> > dir in priority 2084
> > tmpl src 192.168.9.237 dst 192.168.77.161
> > proto esp spi 0x00000000 reqid 16465 mode tunnel
> >
> > src 10.148.4.0/28 dst 10.0.25.210/32
> > dir out priority 0
> >
> > src 10.148.4.0/28 dst 10.0.25.210/32
> > dir fwd priority 2084
> > tmpl src 192.168.9.237 dst 192.168.77.161
> > proto esp spi 0x00000000 reqid 16465 mode tunnel
>
> Please attach the complete output of "ip x p".
Is attached.
>
> > Interestingly, the original scenario works fine when we use kernel
> > 2.6.7-rc1 instead of 2.6.11.7 and setkey from ipsec-tools 0.3.3. In this
> > case there are
>
> What if you use the new ipsec-tools against the old kernel?
I can try that but can do that only friday evening. Do you expect any
difference?
We used ip x p to look at the rules generated with setkey on that old system.
Actually, setkey could not display these policies (too many rules). The
output of ip x p is identical to the above, only no fwd rule at all and all
rules have the same priority (the order is the same, though).
>
> Cheers,
Thanks,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
Leopoldstraße 15
80802 München
01_mail_ro
Description: Text document
01_mail_spd
Description: Text document
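
The manual comparison of "ip x p" dumps from the two systems described in the message can be scripted. This is an added example, not part of the original mail; both dumps are constructed from the lines quoted above, and the shared priority 0 on the older system is an assumption.

```python
import re

# Constructed dump in the layout quoted above (2.6.11.7 side).
NEW_DUMP = """\
src 10.148.4.0/28 dst 10.0.25.210/32
    dir in priority 2084
    tmpl src 192.168.9.237 dst 192.168.77.161
        proto esp spi 0x00000000 reqid 16465 mode tunnel
src 10.148.4.0/28 dst 10.0.25.210/32
    dir out priority 0
src 10.148.4.0/28 dst 10.0.25.210/32
    dir fwd priority 2084
    tmpl src 192.168.9.237 dst 192.168.77.161
        proto esp spi 0x00000000 reqid 16465 mode tunnel
"""
# Constructed older-system dump: no fwd entry, one shared priority (0 is assumed).
OLD_DUMP = """\
src 10.148.4.0/28 dst 10.0.25.210/32
    dir in priority 0
    tmpl src 192.168.9.237 dst 192.168.77.161
        proto esp spi 0x00000000 reqid 16465 mode tunnel
src 10.148.4.0/28 dst 10.0.25.210/32
    dir out priority 0
"""
SEL = re.compile(r"src (\S+) dst (\S+)")
DIR = re.compile(r"dir (\w+) priority (\d+)")
TMPL = re.compile(r"tmpl src (\S+) dst (\S+)")

def parse_policies(text):
    """Return one dict per policy: selector, direction, priority, templates."""
    policies = []
    for line in map(str.strip, text.splitlines()):
        sel, d, t = SEL.match(line), DIR.match(line), TMPL.match(line)
        if sel:                        # a selector line starts a new policy
            policies.append({"sel": sel.groups(), "dir": None, "prio": None, "tmpl": []})
        elif d and policies:
            policies[-1].update(dir=d[1], prio=int(d[2]))
        elif t and policies:           # tunnel endpoints of the template
            policies[-1]["tmpl"].append(t.groups())
    return policies

def compare(old, new):
    """Diff two policy sets keyed on (selector, direction), ignoring priority."""
    o = {(p["sel"], p["dir"]): p["tmpl"] for p in old}
    n = {(p["sel"], p["dir"]): p["tmpl"] for p in new}
    return {"only_old": sorted(o.keys() - n.keys()), "only_new": sorted(n.keys() - o.keys()),
            "tmpl_changed": sorted(k for k in o.keys() & n.keys() if o[k] != n[k]),
            "prios": (sorted({p["prio"] for p in old}), sorted({p["prio"] for p in new}))}
```

Calling `compare(parse_policies(OLD_DUMP), parse_policies(NEW_DUMP))` reports the fwd entry under `only_new` and the two distinct priority sets, which is the difference noted by hand in the message.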