I am trying to ssh from a machine (192.168.10.198) behind machine A
(192.168.10.200) to 192.168.20.33.
Between machine A and machine B there is an ipsec vpn.
Config for this vpn:
conn in2one-to-adept
    type=tunnel
    connaddrfamily=ipv4
    left=196.44.33.190
    leftnexthop=%direct
    leftsubnet=192.168.20.0/24
    leftid=neon@adept
    leftrsasigkey=bla
    right=196.44.33.114
    rightnexthop=%direct
    rightsubnet=192.168.10.0/24
    rightid=fw@in2one
    rightrsasigkey=bla
    auto=start
Then machine B must rewrite any packets (on all ports) to 192.168.20.33: the
destination to 192.168.241.65 and the source to 196.44.33.118.
Between machine B and C is an ipsec vpn:
Config:
conn obw
    type=tunnel
    connaddrfamily=ipv4
    left=196.44.33.190
    leftnexthop=%direct
    leftsubnet=196.44.33.118/32
    right=168.167.251.89
    rightnexthop=%direct
    rightsubnet=192.168.241.65/32
    rightid=193.219.215.3
    authby=secret
    esp=3des-md5-96
    #esp=3des-md5
    keyexchange=ike
    pfs=no
    auto=start
If I ssh from machine B with the following:
ssh -b 196.44.33.118 jan@192.168.241.65
It works.
If I ssh from 192.168.10.198 then the following is seen on machine B's
syslog:
> Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:13:72:3f:74:20:00:12:00:6c:ea:d0:08:00 SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42453 DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
> Oct 9 20:58:16 neon kernel: [43844718.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42453 DF PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Hope this makes it more clear.
Let me know if I can give any more information.
Regards
Jan van der Vyver
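
An added example, not part of the original post: a Python sketch that parses the two Shorewall log entries quoted in the message, pairs them by IP ID, protocol and source port, lists which address fields differ between the DNAT entry and the DROP entry, and compares the dropped packet with the subnets of "conn obw". The function names are this example's own; the log text and subnets are copied from the post.

```python
import ipaddress
import re
from collections import defaultdict

# The two entries from machine B's syslog as posted, each rejoined onto one line.
LOG = (
    "Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:13:72:3f:74:20:00:12:00:6c:ea:d0:08:00 "
    "SRC=192.168.10.198 DST=192.168.20.33 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42453 DF "
    "PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0\n"
    "Oct 9 20:58:16 neon kernel: [43844718.340000] Shorewall:net2all:DROP:IN=eth0 OUT=eth0 "
    "SRC=192.168.10.198 DST=192.168.241.65 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=42453 DF "
    "PROTO=TCP SPT=60171 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0\n"
)
# leftsubnet / rightsubnet of "conn obw" as posted.
OBW = (ipaddress.ip_network("196.44.33.118/32"), ipaddress.ip_network("192.168.241.65/32"))

PREFIX = re.compile(r"Shorewall:([^:\s]+):([^:\s]+):(.*)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Split one Shorewall/netfilter LOG line into chain, disposition and KEY=value fields."""
    m = PREFIX.search(line)
    if not m:
        return None
    entry = {"chain": m.group(1), "disposition": m.group(2)}
    entry.update(FIELD.findall(m.group(3)))
    return entry

def trace(log_text):
    """Group entries for the same packet; (IP ID, protocol, source port) is a heuristic key."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        e = parse(line)
        if e:
            flows[(e.get("ID"), e.get("PROTO"), e.get("SPT"))].append(e)
    return dict(flows)

def rewritten(before, after):
    """Address and port fields that differ between two log entries for one packet."""
    keys = ("SRC", "DST", "SPT", "DPT")
    return {k: (before.get(k), after.get(k)) for k in keys if before.get(k) != after.get(k)}

def in_tunnel(entry, selectors=OBW):
    """True if the packet's SRC and DST fall inside the tunnel's left and right subnets."""
    src, dst = ipaddress.ip_address(entry["SRC"]), ipaddress.ip_address(entry["DST"])
    return src in selectors[0] and dst in selectors[1]

if __name__ == "__main__":
    for key, entries in trace(LOG).items():
        first, last = entries[0], entries[-1]
        print(key, [f"{e['chain']}:{e['disposition']}" for e in entries])
        print("  rewritten:", rewritten(first, last), "| matches conn obw:", in_tunnel(last))
```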