Dear all,
I have a funny problem here and have no idea why it
happens.
my simple network is
A
|(eth0)
GWa
||(eth1)
||
||(eth1)
GWb
|(eth0)
I am running netfilter with FreeS/WAN. I added a rule to the
FORWARD chain to drop all packets forwarded from the
internal interface (eth0) to the public
interface (eth1):
iptables -A FORWARD -i eth0 -o eth1 -j DROP
It works fine: when I try to ping GWb's eth0
from machine A, the ping gets blocked.
However, once I start up IPsec and do the ping
again, A can ping GWb's eth0. The rule in the FORWARD chain is still
there.
Why does this happen? Is there any way I can fix
this?
Thanks very much
Calvin
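Added example, not part of the original post. It assumes FreeS/WAN's KLIPS stack, which exposes the tunnel to netfilter as a virtual interface named ipsec0 bound to the public interface: a packet that enters the tunnel leaves the FORWARD chain via ipsec0, not eth1, so a rule that only matches "-o eth1" no longer applies once the tunnel is up. The script below prints a ruleset that also covers the ipsec* interfaces and includes a check, run against two constructed iptables-save dumps, that flags a FORWARD chain with that gap. The interface names and the dumps are constructed for the example.

```shell
#!/bin/sh
# Added example (not the original poster's code). Assumption: FreeS/WAN KLIPS
# presents the tunnel as "ipsec0" (bound to eth1), so traffic entering the
# tunnel is seen by netfilter as going out via ipsec0, not eth1.

# Constructed iptables-save style dump of the FORWARD chain as the post has it.
RULES_ORIG='-A FORWARD -i eth0 -o eth1 -j DROP'

# Constructed dump of a hardened chain: the physical interface and every
# ipsec* virtual interface are both covered ("ipsec+" is an iptables wildcard).
RULES_FIXED='-A FORWARD -i eth0 -o eth1 -j DROP
-A FORWARD -i eth0 -o ipsec+ -j DROP'

# forward_drop_ruleset IN OUT: print an iptables-restore fragment that drops
# forwarded traffic from IN to OUT and from IN to any ipsec* interface.
# Load it with: forward_drop_ruleset eth0 eth1 | iptables-restore -n
forward_drop_ruleset() {
    in_if=$1
    out_if=$2
    printf '%s\n' '*filter'
    printf '%s\n' "-A FORWARD -i $in_if -o $out_if -j DROP"
    printf '%s\n' "-A FORWARD -i $in_if -o ipsec+ -j DROP"
    printf '%s\n' 'COMMIT'
}

# check_ipsec_coverage RULES IN: exit 0 when RULES (iptables-save format,
# e.g. from "iptables-save -t filter") contains a FORWARD rule for traffic
# from IN that matches an ipsec interface on the way out, 1 otherwise.
check_ipsec_coverage() {
    rules=$1
    in_if=$2
    printf '%s\n' "$rules" | grep -qe "^-A FORWARD .*-i $in_if .*-o ipsec[0-9+]"
}

# Stand-alone run: report on both dumps and print the hardened ruleset.
if check_ipsec_coverage "$RULES_ORIG" eth0; then
    echo "original chain: ipsec interfaces covered"
else
    echo "original chain: no rule matches -o ipsec*, tunnel traffic bypasses the DROP"
fi
if check_ipsec_coverage "$RULES_FIXED" eth0; then
    echo "hardened chain: ipsec interfaces covered"
fi
forward_drop_ruleset eth0 eth1
```

The check only inspects a dump and needs no root; the generated fragment is what you would feed to iptables-restore on the gateway. With KLIPS the encrypted packet re-enters FORWARD a second time on its way out of eth1, which is why keeping the original "-o eth1" rule alongside the "-o ipsec+" rule is harmless.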