Re: autofs and ssh fail over ipsec tunnel

On 08/11/2017 01:32 PM, David A. De Graaf wrote:
> (The other common suspect, selinux, is disabled.)

That's terrible. Stop turning off SELinux. You don't "find / -exec chmod 777 {} +" do you?

> On the remote gateway, octopus, 'ipsec -L' output was dominated by
> DROP lines from 'fail2ban', but no lines included string "192.168".
> Remember, autofs and ssh DO WORK between the primary gateways;

Right. Those packets are governed by the INPUT and OUTPUT chains. Packets between any other hosts will be governed by the FORWARD chain. Potentially on both of the ipsec hosts, so we can't really proceed without seeing the rules.

> all the needed services are allowed to pass the firewall.

You haven't demonstrated that yet, and I think it's too early to draw that conclusion.

The other thing you could do is run "tcpdump -nn -i any host octopus" on datium. Ping octopus from another machine on datium's subnet to make sure you see those packets in the tcpdump output. If so, then try to telnet to octopus:22 from the same machine. You should see the TCP SYN packet, just like you see the ICMP echo requests. If so, the problem is probably not a routing issue.

> I tried to save the above files to
> https://paste.fedoraproject.org/, but ordinary UNIX cut & paste
> (highlight with B1, paste with B2) didn't seem to work. Sorry.

So use Shift+Ctrl+C to copy the terminal text and paste that as normal...
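
The ping-then-telnet check described in the reply above can be read off a saved capture mechanically; the following is an added example, not part of the original message. The addresses, ports and function names are constructed assumptions, and tracking the SYN-ACK or RST reply goes one step beyond what the message itself describes.

```python
import re

# Constructed sample of `tcpdump -nn` text output; addresses and ports are made up.
SAMPLE = """\
13:40:01.100000 IP 192.168.1.20 > 192.168.2.1: ICMP echo request, id 4101, seq 1, length 64
13:40:01.130000 IP 192.168.2.1 > 192.168.1.20: ICMP echo reply, id 4101, seq 1, length 64
13:40:09.200000 IP 192.168.1.20.51514 > 192.168.2.1.22: Flags [S], seq 1000, win 29200, length 0
13:40:10.200000 IP 192.168.1.20.51514 > 192.168.2.1.22: Flags [S], seq 1000, win 29200, length 0
"""

ICMP = re.compile(r"IP ([\d.]+) > ([\d.]+): ICMP echo (request|reply)")
TCP = re.compile(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[([A-Z.]+)\]")


def observe(text, client, target, port=22):
    """Record which steps of the ping / telnet test appear in the capture."""
    seen = {"echo_request": False, "echo_reply": False,
            "syn": False, "syn_ack": False, "rst": False}
    for line in text.splitlines():
        icmp = ICMP.search(line)
        if icmp:
            src, dst, kind = icmp.groups()
            if kind == "request" and (src, dst) == (client, target):
                seen["echo_request"] = True
            elif kind == "reply" and (src, dst) == (target, client):
                seen["echo_reply"] = True
            continue
        tcp = TCP.search(line)
        if not tcp:
            continue
        src, sport, dst, dport, flags = tcp.groups()
        if (src, dst, dport) == (client, target, str(port)) and flags == "S":
            seen["syn"] = True          # bare SYN from the test machine
        elif (src, dst, sport) == (target, client, str(port)):
            if flags == "S.":
                seen["syn_ack"] = True  # handshake reply made it back
            elif flags.startswith("R"):
                seen["rst"] = True      # refused or rejected with a reset
    return seen


def verdict(seen):
    """Map the observations onto the reasoning in the message above."""
    if not seen["echo_request"]:
        return "ping not seen: capture filter or path to this host is wrong"
    if not seen["syn"]:
        return "ping seen but no SYN: the TCP attempt never reached this host"
    if seen["syn_ack"]:
        return "SYN and SYN-ACK seen: traffic passes in both directions here"
    if seen["rst"]:
        return "SYN answered by RST: the connection is refused or rejected"
    return "SYN seen, no reply: probably not routing; inspect the FORWARD rules"
```

Run it over the text captured on each gateway in turn; the first host where the SYN stops appearing, or where replies stop coming back, is where to read the FORWARD chain.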