On Sun, Jun 08, 2003 at 04:07:11PM +1000, Calvin spoke thusly:

> I'm running netfilter with FreeS/WAN. I added a rule in the FORWARD chain to drop
> all packets forwarded from the internal iface (eth0) to the public iface (eth1).
>
>   iptables -A FORWARD -i eth0 -i eth1 -j DROP

Should that be 'iptables -A OUTPUT -i eth0 -o eth1 -j DROP' instead?

> However, once I start up IPsec, I do the ping again and A can ping
> GWb's eth0. The rule in the FORWARD chain is still there.

iptables -A OUTPUT -p all -o eth1 -d GWb-IP-address -j DROP

> Why does this happen? Is there any way I can fix this?

Explain your IPsec setup in detail, and then we can give you a proper answer without guesswork.
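The rule quoted in the message passes "-i" twice, and iptables refuses such a rule rather than installing it ("multiple -i flags not allowed"), so a firewall script containing it leaves the chain without the intended DROP. The following lint is an added example, not code from the thread or from the netfilter project: it checks the words of an iptables command for repeated single-use options and for an interface match the chain cannot see (-i on OUTPUT or POSTROUTING, -o on INPUT or PREROUTING). The sample rules are the ones quoted above; "GWb-IP-address" is kept as the placeholder the message used.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables rule words before a
# firewall script runs them as root. Pure POSIX sh, no iptables binary needed.

# lint_rule RULE-WORDS...
# Prints each problem to stderr and returns 1 if the rule is malformed,
# 0 if it is clean. Only structural checks; it does not validate addresses.
lint_rule() {
    problems=""
    chain=""
    prev=""
    # The word after -A / -I / -D names the chain the rule targets.
    for word in "$@"; do
        case "$prev" in
            -A|-I|-D) chain="$word" ;;
        esac
        prev="$word"
    done
    # Options that may appear only once per rule (netfilter rejects repeats).
    for opt in -A -I -D -i -o -s -d -p -j; do
        count=0
        for word in "$@"; do
            if [ "$word" = "$opt" ]; then count=$((count + 1)); fi
        done
        if [ "$count" -gt 1 ]; then problems="$problems repeated:$opt"; fi
    done
    # Interface matches only make sense where the packet has that interface:
    # locally generated (OUTPUT) or post-routing packets have no input iface,
    # locally delivered (INPUT) or pre-routing packets have no output iface.
    case "$chain" in
        OUTPUT|POSTROUTING)
            for word in "$@"; do
                if [ "$word" = "-i" ]; then problems="$problems no-input-iface-on:$chain"; fi
            done ;;
        INPUT|PREROUTING)
            for word in "$@"; do
                if [ "$word" = "-o" ]; then problems="$problems no-output-iface-on:$chain"; fi
            done ;;
    esac
    if [ -n "$problems" ]; then
        printf 'bad rule (%s): iptables %s\n' "$problems" "$*" >&2
        return 1
    fi
    return 0
}

# Demo on the rules quoted in the thread (constructed input, nothing is applied).
lint_rule -A FORWARD -i eth0 -i eth1 -j DROP || echo "doubled -i rejected, as iptables would"
lint_rule -A FORWARD -i eth0 -o eth1 -j DROP && echo "FORWARD eth0->eth1 rule is well-formed"
lint_rule -A OUTPUT -p all -o eth1 -d GWb-IP-address -j DROP && echo "OUTPUT rule is well-formed"
```

Run the function over each `iptables` line of a firewall script before executing the script; a non-zero return means the rule would never have reached the chain, which is the silent failure mode worth ruling out before looking at the IPsec side.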