On Saturday 24 July 2004 9:14 am, Felix Joussein wrote:

> Hello List,
>
> I'm not new to iptables, but this problem is very strange:
>
> I have a Linux 2.4.26 + openswan ipsec + iptables 2.11 box with a cable
> modem to connect to the internet - so far:
> I have one single rule in the postrouting chain:
>
> iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
>
> This works fine - also my IPSec tunnel is working nice.
> But after a while - can't say how long, the connection from the lan
> through the linux box gets lost.
> dmesg's Output is:
>
> MASQUERADE: Route sent us somewhere else.
> klips_error:ipsec_xmit_send: ip_send() failed, err=1
>
> This message repeats as long, as I remove the MASQ rule, and re-set it.
>
> Has anyone an idea about this issue?

Does your cable modem service provider change IP addresses on you on some frequent basis?

Try checking ifconfig next time this happens (before and after the problem). I expect you'll find that when things are working, both eth0 and ipsec0 have the same IP address (acquired from the ISP by DHCP), but after the problem has occurred, you'll probably see a different address on eth0, with the same old one on ipsec0.

The solution is probably to take the IPsec tunnel down and bring it back up again when the IP address on eth0 changes - I think you can do this from a script called by the DHCP client daemon.

If it turns out you're not getting given a different IP address, perhaps you can post the output from some diagnostics such as "route -n" or "ipsec look".

Regards,

Antony.

--
RTFM may be the appropriate reply, but please specify exactly which FM to R.

Please reply to the list; please don't CC me.
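
The check suggested in the reply above, as an added example that is not part of the original thread: it compares the eth0 and ipsec0 addresses in `ifconfig` output and decides when a DHCP hook should restart the tunnel. Assumptions: the old net-tools `inet addr:` output format, ISC dhclient's `$reason`, `$old_ip_address` and `$new_ip_address` hook variables, a placeholder connection name `CONN`, and constructed sample addresses.

```shell
#!/bin/sh
# Added example: detect the "eth0 got a new lease, ipsec0 kept the old address"
# state described in the reply, and decide whether the tunnel needs a restart.

# Print the IPv4 address of interface $1 from net-tools `ifconfig` output on stdin.
iface_addr() {
    awk -v ifc="$1" '
        /^[^ \t]/ { cur = $1 }                    # interface header line
        cur == ifc && /inet addr:/ {
            sub(/.*inet addr:/, ""); sub(/[ \t].*/, ""); print; exit
        }'
}

# Return 0 (stale) when both addresses are known and differ.
tunnel_is_stale() {
    eth=$(printf '%s\n' "$1" | iface_addr eth0)
    ips=$(printf '%s\n' "$1" | iface_addr ipsec0)
    [ -n "$eth" ] && [ -n "$ips" ] && [ "$eth" != "$ips" ]
}

# Decide what a DHCP client hook should do. Arguments mirror ISC dhclient's
# $reason, $old_ip_address and $new_ip_address (assumed DHCP client).
hook_action() {
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT)
            if [ -n "$2" ] && [ "$2" != "$3" ]; then echo restart; else echo none; fi ;;
        *) echo none ;;
    esac
}

# Constructed sample: ifconfig output after the lease changed (documentation addresses).
SAMPLE_AFTER='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:198.51.100.23  Bcast:198.51.100.255  Mask:255.255.255.0
ipsec0    Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Mask:255.255.255.0'

# Live use inside the hook (not run here); CONN is a placeholder connection name:
#   [ "$(hook_action "$reason" "$old_ip_address" "$new_ip_address")" = restart ] &&
#       { ipsec auto --down "$CONN"; ipsec auto --up "$CONN"; }
if tunnel_is_stale "$SAMPLE_AFTER"; then
    echo "eth0 and ipsec0 disagree: take the tunnel down and bring it back up"
fi
```

Logging both addresses each time the hook fires also gives a record to set against the `MASQUERADE: Route sent us somewhere else.` messages in dmesg.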