Menu
▾
▴
[Ipsec-tools-devel] new tests: VPN only works when using host's primary IP address
|
From: Juan N. <ju...@gm...> - 2006-11-07 22:11:39
|
Hi...
I received no answer from my previous post...
I installed now 2 new clean boxes in order to test, using all private IP
addresses
But this time I'm trying to rise up only 1 VPN, but using the secondary IP
address of BOX 1, which is now not on a subinterface, but on another
separate interface, another network card
And it doesn't work....
If I use BOX 1's primary address instead it works...
This is my conf trying to rise up only 1 VPN:
########################
# Box 1
########################
# dpkg -l | grep ipsec
ii ipsec-tools 0.5.2-1sarge1 IPsec tools for Linux
# dpkg -l | grep racoon
ii racoon 0.5.2-1sarge1 IPsec IKE keying daemon
# uname -a
Linux debian 2.6.8-3-686 #1 Thu Sep 7 03:38:22 UTC 2006 i686 GNU/Linux
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.0.249
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.250
dns-nameservers 192.168.0.1
auto eth1
iface eth1 inet static
address 192.168.0.250
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
auto eth2
iface eth2 inet static
address 10.10.0.1
netmask 255.255.255.0
network 10.10.0.0
broadcast 10.10.0.255
auto eth2:1
iface eth2:1 inet static
address 20.10.0.1
netmask 255.255.255.0
network 20.10.0.0
broadcast 20.10.0.255
# cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 20.10.0.1/32 20.20.0.1/32 any -P out ipsec esp/tunnel/192.168.0.250-
192.168.0.248/require;
spdadd 20.20.0.1/32 20.10.0.1/32 any -P in ipsec esp/tunnel/192.168.0.248-
192.168.0.250/require;
# cat /etc/racoon/psk.txt
192.168.0.248 test12
# cat /etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";
remote 192.168.0.248 {
exchange_mode main;
my_identifier address;
lifetime time 28800 sec;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo address 20.10.0.1/32 any address 20.20.0.1/32 any {
pfs_group 2;
lifetime time 3600 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
# ip ro ls
20.20.0.1 via 192.168.0.250 dev eth1 src 20.10.0.1
10.10.0.0/24 dev eth2 proto kernel scope link src 10.10.0.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.249
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.250
20.10.0.0/24 dev eth2 proto kernel scope link src 20.10.0.1
default via 192.168.0.250 dev eth0
########################
# Box 2
########################
# dpkg -l | grep ipsec
ii ipsec-tools 0.5.2-1sarge1 IPsec tools for Linux
# dpkg -l | grep racoon
ii racoon 0.5.2-1sarge1 IPsec IKE keying daemon
# uname -a
Linux debian 2.6.8-3-686 #1 Thu Sep 7 03:38:22 UTC 2006 i686 GNU/Linux
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.0.248
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
# dns-* options are implemented by the resolvconf package, if
installed
dns-nameservers 192.168.0.1
auto eth1
iface eth1 inet static
address 10.20.0.1
netmask 255.255.255.0
network 10.20.0.0
broadcast 10.20.0.255
auto eth1:1
iface eth1:1 inet static
address 20.20.0.1
netmask 255.255.255.0
network 20.20.0.0
broadcast 20.20.0.255
# cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 20.10.0.1/32 20.20.0.1/32 any -P in ipsec esp/tunnel/192.168.0.250-
192.168.0.248/require;
spdadd 20.20.0.1/32 20.10.0.1/32 any -P out ipsec esp/tunnel/192.168.0.248-
192.168.0.250/require;
# cat /etc/racoon/psk.txt
192.168.0.250 test12
# cat /etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";
remote 192.168.0.250 {
exchange_mode main;
my_identifier address;
lifetime time 28800 sec;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo address 20.20.0.1/32 any address 20.10.0.1/32 any {
pfs_group 2;
lifetime time 3600 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
# ip ro ls
20.10.0.1 via 192.168.0.248 dev eth0 src 20.20.0.1
10.20.0.0/24 dev eth1 proto kernel scope link src 10.20.0.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.248
20.20.0.0/24 dev eth1 proto kernel scope link src 20.20.0.1
default via 192.168.0.1 dev eth0
##################
When I start setkey and racoon on both hosts, and send a ping from one host
to the other one the VPN seems to rise up:
on BOX 1 I see:
# cat /var/log/daemon.log
Nov 7 19:56:59 debian racoon: INFO: unsupported PF_KEY message REGISTER
Nov 7 19:56:59 debian racoon: INFO: caught signal 15
Nov 7 19:57:00 debian racoon: INFO: racoon shutdown
Nov 7 19:57:00 debian racoon: INFO: @(#)ipsec-tools 0.5.2 (
http://ipsec-tools.sourceforge.net)
Nov 7 19:57:00 debian racoon: INFO: @(#)This product linked OpenSSL
0.9.7e25 Oct 2004 (
http://www.openssl.org/)
Nov 7 19:57:01 debian racoon: INFO: 127.0.0.1[500] used as isakmp port
(fd=8)
Nov 7 19:57:01 debian racoon: INFO: 127.0.0.1[500] used for NAT-T
Nov 7 19:57:01 debian racoon: INFO: 192.168.0.249[500] used as isakmp port
(fd=9)
Nov 7 19:57:01 debian racoon: INFO: 192.168.0.249[500] used for NAT-T
Nov 7 19:57:01 debian racoon: INFO: 192.168.0.250[500] used as isakmp port
(fd=10)
Nov 7 19:57:01 debian racoon: INFO: 192.168.0.250[500] used for NAT-T
Nov 7 19:57:01 debian racoon: INFO: 10.10.0.1[500] used as isakmp port
(fd=11)
Nov 7 19:57:01 debian racoon: INFO: 10.10.0.1[500] used for NAT-T
Nov 7 19:57:01 debian racoon: INFO: 20.10.0.1[500] used as isakmp port
(fd=12)
Nov 7 19:57:01 debian racoon: INFO: 20.10.0.1[500] used for NAT-T
Nov 7 19:57:01 debian racoon: INFO: ::1[500] used as isakmp port (fd=13)
Nov 7 19:57:01 debian racoon: INFO: fe80::250:4ff:fed3:bb9d%eth0[500] used
as isakmp port (fd=14)
Nov 7 19:57:01 debian racoon: INFO: fe80::250:4ff:fecf:20b1%eth1[500] used
as isakmp port (fd=15)
Nov 7 19:57:01 debian racoon: INFO: fe80::250:daff:feb3:db45%eth2[500] used
as isakmp port (fd=16)
Nov 7 19:57:17 debian racoon: INFO: IPsec-SA request for
192.168.0.248queued due to no phase1 found.
Nov 7 19:57:17 debian racoon: INFO: initiate new phase 1 negotiation:
192.168.0.250[500]<=>192.168.0.248[500]
Nov 7 19:57:17 debian racoon: INFO: begin Identity Protection mode.
Nov 7 19:57:17 debian racoon: INFO: received Vendor ID: DPD
Nov 7 19:57:17 debian racoon: INFO: ISAKMP-SA established 192.168.0.250
[500]-192.168.0.248[500] spi:8b5798310685deb9:60872345d290fa0c
Nov 7 19:57:18 debian racoon: INFO: initiate new phase 2 negotiation:
192.168.0.250[0]<=>192.168.0.248[0]
Nov 7 19:57:19 debian racoon: INFO: IPsec-SA established: ESP/Tunnel
192.168.0.248->192.168.0.250 spi=99414467(0x5ecf1c3)
Nov 7 19:57:19 debian racoon: INFO: IPsec-SA established: ESP/Tunnel
192.168.0.250->192.168.0.248 spi=233314950(0xde81a86)
# setkey -D
192.168.0.250 192.168.0.248
esp mode=tunnel spi=233314950(0x0de81a86) reqid=0(0x00000000)
E: 3des-cbc 610ac72e 4ea36fb2 8c6ffd98 ffaadddc cbc4103b bb787425
A: hmac-md5 2fa9ee36 a2e3d4ab 60533a72 e9dbafe2
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Nov 7 19:57:19 2006 current: Nov 7 19:58:52 2006
diff: 93(s) hard: 3600(s) soft: 2880(s)
last: Nov 7 19:57:20 2006 hard: 0(s) soft: 0(s)
current: 408(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3 hard: 0 soft: 0
sadb_seq=1 pid=2339 refcnt=0
192.168.0.248 192.168.0.250
esp mode=tunnel spi=99414467(0x05ecf1c3) reqid=0(0x00000000)
E: 3des-cbc 97e71617 fa18958c c0b03bee 3426d1ae 821fb8d2 714e49b2
A: hmac-md5 0da0e554 1c499d06 c1bd83d9 175a797a
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Nov 7 19:57:19 2006 current: Nov 7 19:58:52 2006
diff: 93(s) hard: 3600(s) soft: 2880(s)
last: Nov 7 19:57:20 2006 hard: 0(s) soft: 0(s)
current: 252(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3 hard: 0 soft: 0
sadb_seq=0 pid=2339 refcnt=0
# setkey -DP
20.20.0.1[any] 20.10.0.1[any] any
in ipsec
esp/tunnel/192.168.0.248-192.168.0.250/require
created: Nov 7 19:56:59 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=808 seq=20 pid=2340
refcnt=1
20.10.0.1[any] 20.20.0.1[any] any
out ipsec
esp/tunnel/192.168.0.250-192.168.0.248/require
created: Nov 7 19:56:59 2006 lastused: Nov 7 19:57:22 2006
lifetime: 0(s) validtime: 0(s)
spid=801 seq=19 pid=2340
refcnt=3
20.20.0.1[any] 20.10.0.1[any] any
fwd ipsec
esp/tunnel/192.168.0.248-192.168.0.250/require
created: Nov 7 19:56:59 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=818 seq=18 pid=2340
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=955 seq=17 pid=2340
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=939 seq=16 pid=2340
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=923 seq=15 pid=2340
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=907 seq=14 pid=2340
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=891 seq=13 pid=2340
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=875 seq=12 pid=2340
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:57:01 2006 lastused: Nov 7 19:57:19 2006
lifetime: 0(s) validtime: 0(s)
spid=859 seq=11 pid=2340
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=843 seq=10 pid=2340
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=827 seq=9 pid=2340
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=964 seq=8 pid=2340
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=948 seq=7 pid=2340
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=932 seq=6 pid=2340
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=916 seq=5 pid=2340
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=900 seq=4 pid=2340
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=884 seq=3 pid=2340
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:57:01 2006 lastused: Nov 7 19:57:19 2006
lifetime: 0(s) validtime: 0(s)
spid=868 seq=2 pid=2340
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=852 seq=1 pid=2340
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:57:01 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=836 seq=0 pid=2340
refcnt=1
and on BOX 2 I see:
# cat /var/log/daemon.log
Nov 7 19:56:00 debian2 racoon: INFO: purged IPsec-SA proto_id=ESP
spi=191805744.
Nov 7 19:56:01 debian2 racoon: INFO: purged ISAKMP-SA proto_id=ISAKMP
spi=1b0bc08c5f871dc1:e3b18b7da0f3a158.
Nov 7 19:56:02 debian2 racoon: INFO: ISAKMP-SA deleted 192.168.0.248[500]-
192.168.0.250[500] spi:1b0bc08c5f871dc1:e3b18b7da0f3a158
Nov 7 19:56:08 debian2 racoon: INFO: unsupported PF_KEY message REGISTER
Nov 7 19:56:08 debian2 racoon: INFO: caught signal 15
Nov 7 19:56:09 debian2 racoon: INFO: racoon shutdown
Nov 7 19:56:09 debian2 racoon: INFO: @(#)ipsec-tools 0.5.2 (
http://ipsec-tools.sourceforge.net)
Nov 7 19:56:09 debian2 racoon: INFO: @(#)This product linked OpenSSL
0.9.7e25 Oct 2004 (
http://www.openssl.org/)
Nov 7 19:56:10 debian2 racoon: INFO: 127.0.0.1[500] used as isakmp port
(fd=8)
Nov 7 19:56:10 debian2 racoon: INFO: 127.0.0.1[500] used for NAT-T
Nov 7 19:56:10 debian2 racoon: INFO: 192.168.0.248[500] used as isakmp port
(fd=9)
Nov 7 19:56:10 debian2 racoon: INFO: 192.168.0.248[500] used for NAT-T
Nov 7 19:56:10 debian2 racoon: INFO: 10.20.0.1[500] used as isakmp port
(fd=10)
Nov 7 19:56:10 debian2 racoon: INFO: 10.20.0.1[500] used for NAT-T
Nov 7 19:56:10 debian2 racoon: INFO: 20.20.0.1[500] used as isakmp port
(fd=11)
Nov 7 19:56:10 debian2 racoon: INFO: 20.20.0.1[500] used for NAT-T
Nov 7 19:56:10 debian2 racoon: INFO: ::1[500] used as isakmp port (fd=12)
Nov 7 19:56:10 debian2 racoon: INFO: fe80::250:4ff:fed3:9f6b%eth0[500] used
as isakmp port (fd=13)
Nov 7 19:56:10 debian2 racoon: INFO: fe80::250:4ff:fed3:bbbb%eth1[500] used
as isakmp port (fd=14)
Nov 7 19:56:19 debian2 racoon: INFO: respond new phase 1 negotiation:
192.168.0.248[500]<=>192.168.0.250[500]
Nov 7 19:56:19 debian2 racoon: INFO: begin Identity Protection mode.
Nov 7 19:56:19 debian2 racoon: INFO: received Vendor ID: DPD
Nov 7 19:56:19 debian2 racoon: INFO: ISAKMP-SA established 192.168.0.248
[500]-192.168.0.250[500] spi:8b5798310685deb9:60872345d290fa0c
Nov 7 19:56:20 debian2 racoon: INFO: respond new phase 2 negotiation:
192.168.0.248[0]<=>192.168.0.250[0]
Nov 7 19:56:20 debian2 racoon: INFO: IPsec-SA established: ESP/Tunnel
192.168.0.250->192.168.0.248 spi=233314950(0xde81a86)
Nov 7 19:56:20 debian2 racoon: INFO: IPsec-SA established: ESP/Tunnel
192.168.0.248->192.168.0.250 spi=99414467(0x5ecf1c3)
# setkey -D
192.168.0.250 192.168.0.248
esp mode=tunnel spi=233314950(0x0de81a86) reqid=0(0x00000000)
E: 3des-cbc 610ac72e 4ea36fb2 8c6ffd98 ffaadddc cbc4103b bb787425
A: hmac-md5 2fa9ee36 a2e3d4ab 60533a72 e9dbafe2
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Nov 7 19:56:20 2006 current: Nov 7 19:58:23 2006
diff: 123(s) hard: 3600(s) soft: 2880(s)
last: Nov 7 19:56:21 2006 hard: 0(s) soft: 0(s)
current: 252(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3 hard: 0 soft: 0
sadb_seq=1 pid=2407 refcnt=0
192.168.0.248 192.168.0.250
esp mode=tunnel spi=99414467(0x05ecf1c3) reqid=0(0x00000000)
E: 3des-cbc 97e71617 fa18958c c0b03bee 3426d1ae 821fb8d2 714e49b2
A: hmac-md5 0da0e554 1c499d06 c1bd83d9 175a797a
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Nov 7 19:56:20 2006 current: Nov 7 19:58:23 2006
diff: 123(s) hard: 3600(s) soft: 2880(s)
last: Nov 7 19:56:21 2006 hard: 0(s) soft: 0(s)
current: 408(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3 hard: 0 soft: 0
sadb_seq=0 pid=2407 refcnt=0
# setkey -DP
20.10.0.1[any] 20.20.0.1[any] any
in ipsec
esp/tunnel/192.168.0.250-192.168.0.248/require
created: Nov 7 19:56:08 2006 lastused: Nov 7 19:56:23 2006
lifetime: 0(s) validtime: 0(s)
spid=3040 seq=16 pid=2408
refcnt=2
20.20.0.1[any] 20.10.0.1[any] any
out ipsec
esp/tunnel/192.168.0.248-192.168.0.250/require
created: Nov 7 19:56:08 2006 lastused: Nov 7 19:56:23 2006
lifetime: 0(s) validtime: 0(s)
spid=3057 seq=15 pid=2408
refcnt=2
20.10.0.1[any] 20.20.0.1[any] any
fwd ipsec
esp/tunnel/192.168.0.250-192.168.0.248/require
created: Nov 7 19:56:08 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3050 seq=14 pid=2408
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3163 seq=13 pid=2408
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3147 seq=12 pid=2408
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3131 seq=11 pid=2408
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3115 seq=10 pid=2408
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3099 seq=9 pid=2408
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:56:10 2006 lastused: Nov 7 19:56:20 2006
lifetime: 0(s) validtime: 0(s)
spid=3083 seq=8 pid=2408
refcnt=1
(per-socket policy)
in none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3067 seq=7 pid=2408
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3172 seq=6 pid=2408
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3156 seq=5 pid=2408
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3140 seq=4 pid=2408
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3124 seq=3 pid=2408
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3108 seq=2 pid=2408
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:56:10 2006 lastused: Nov 7 19:56:20 2006
lifetime: 0(s) validtime: 0(s)
spid=3092 seq=1 pid=2408
refcnt=1
(per-socket policy)
out none
created: Nov 7 19:56:10 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3076 seq=0 pid=2408
refcnt=1
Everything seems fine, but I can not send traffic between 20.10.0.1 and
20.20.0.1... nothing happens...
If I set up the same VPN, but using 192.168.0.249 in BOX 1, everything works
fine...
192.168.0.249 is the BOX 1's main IP address on eth0....
Why doesn't the VPN work when using the IP address 192.168.0.250 from
eth1???
Any clues??
I'm stuck with this... and having to use another host for rising up both
VPN's at the same time is like nonsense...
Before anyone asks, there are no firewall rules :)
BOX 1:
# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
BOX 2:
# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Thanks in advance,
Juan
|