[strongSwan] about strongswan nat error updown: iptables x.x.x.x: host/network `PH_IP_ALICE' not found

我爱臭豆腐 hao.wangbj at gmail.com
Mon Sep 9 10:27:59 CEST 2013


iptables info:

root at ubuntu:/usr/local/etc# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24
SNAT       all  --  192.168.5.0/24       anywhere             to:10.4.0.1
root at ubuntu:/usr/local/etc# iptables -L -v
Chain INPUT (policy ACCEPT 234 packets, 24245 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth1   eth0    192.168.5.0/24       anywhere
    0     0 ACCEPT     all  --  eth0   eth1    anywhere             192.168.5.0/24

Chain OUTPUT (policy ACCEPT 145 packets, 18811 bytes)
 pkts bytes target     prot opt in     out     source               destination


root at ubuntu:/usr/local/etc# ping 192.168.5.133
PING 192.168.5.133 (192.168.5.133) 56(84) bytes of data.
^C
--- 192.168.5.133 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6048ms



2013/9/9 我爱臭豆腐 <hao.wangbj at gmail.com>

> I changed "Alice's physical IP" to 192.168.5.133
> root at ubuntu:~# iptables -L -v
> Chain INPUT (policy ACCEPT 1218 packets, 120K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere             udp dpt:domain
>     0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere             tcp dpt:domain
>     0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere             udp dpt:bootps
>     0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere             tcp dpt:bootps
>
> Chain FORWARD (policy ACCEPT 2 packets, 142 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  any    virbr0  anywhere             192.168.122.0/24     state RELATED,ESTABLISHED
>     0     0 ACCEPT     all  --  virbr0 any     192.168.122.0/24     anywhere
>     0     0 ACCEPT     all  --  virbr0 virbr0  anywhere             anywhere
>     0     0 REJECT     all  --  any    virbr0  anywhere             anywhere             reject-with icmp-port-unreachable
>     0     0 REJECT     all  --  virbr0 any     anywhere             anywhere             reject-with icmp-port-unreachable
>     0     0 ACCEPT     all  --  eth1   eth0    192.168.5.0/24       10.4.0.0/24
>     0     0 ACCEPT     all  --  eth0   eth1    10.4.0.0/24          192.168.5.0/24
>
> Chain OUTPUT (policy ACCEPT 800 packets, 115K bytes)
>  pkts bytes target     prot opt in     out     source               destination
> root at ubuntu:~# ping 192.168.5.133
> PING 192.168.5.133 (192.168.5.133) 56(84) bytes of data.
> ^C
> --- 192.168.5.133 ping statistics ---
> 4 packets transmitted, 0 received, 100% packet loss, time 3000ms
>
> root at ubuntu:~# ifconfig eth1
> eth1      Link encap:Ethernet  HWaddr 00:0b:2f:57:58:24
>           inet addr:192.168.5.1  Bcast:192.168.5.255  Mask:255.255.255.0
>           inet6 addr: fe80::20b:2fff:fe57:5824/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:4928 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:450 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:303325 (303.3 KB)  TX bytes:58532 (58.5 KB)
>
> but Alice's IP can't connect to the 192.168.5.1 gw :-(
>
>
>
> 2013/9/9 Martin Willi <martin at strongswan.org>
>
>> Hi,
>>
>> > Sep  9 13:42:48 14[CHD] updown: iptables v1.4.12: host/network
>> > `PH_IP_ALICE' not found
>>
>> If you copy a raw updown script from the test suite, you'll have to
>> replace some variables by the IP addresses of these hosts. PH_IP_ALICE
>> stands for Alice's physical IP. It gets replaced automatically in the
>> test suite, but you'll have to do this manually when copying such a
>> file.
>>
>> Regards
>> Martin
>>
>>
>
>
> --
> 我爱臭豆腐
> Be an honest person; do things conscientiously
> email:hao.wangbj at gmail.com
>



-- 
我爱臭豆腐
Be an honest person; do things conscientiously
email:hao.wangbj at gmail.com
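
The manual placeholder replacement Martin describes above, as an added example that is not part of this thread or of the strongSwan test suite: a shell helper that fills PH_* tokens in a copied updown script and refuses to emit the result while any token is still unresolved. The function names, the sample rule and the PH_IP_MOON token are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the strongSwan tree): fill PH_* placeholders in an
# updown script copied from the test suite; fail if any stay unresolved.

# Print each distinct PH_* token in FILE, one per line (nothing if none).
list_placeholders() {
    grep -o 'PH_[A-Z0-9_]*' "$1" | sort -u
}

# fill_placeholders FILE NAME=VALUE...
# Writes the substituted script to stdout. Returns 1 and lists the leftover
# tokens on stderr if any PH_* remains, 2 on a malformed NAME or VALUE.
fill_placeholders() {
    src=$1; shift
    tmp=$(mktemp) || return 2
    cp "$src" "$tmp" || return 2
    for pair in "$@"; do
        name=${pair%%=*}; value=${pair#*=}
        # An updown script runs with the IKE daemon's privileges: accept only
        # PH_* names and values made of digits, dots and a slash (IPv4/CIDR).
        case $name in PH_*) ;; *) rm -f "$tmp"; return 2 ;; esac
        case $name in *[!A-Z0-9_]*) rm -f "$tmp"; return 2 ;; esac
        case $value in ''|*[!0-9./]*) rm -f "$tmp"; return 2 ;; esac
        # Match the whole token so PH_IP_ALICE does not also hit PH_IP_ALICE1.
        sed -e "s|$name\([^A-Z0-9_]\)|$value\1|g" -e "s|$name\$|$value|" \
            "$tmp" > "$tmp.new" && mv "$tmp.new" "$tmp"
    done
    left=$(list_placeholders "$tmp" | tr '\n' ' ')
    if [ -n "$left" ]; then
        echo "unresolved placeholders: $left" >&2
        rm -f "$tmp"; return 1
    fi
    cat "$tmp"; rm -f "$tmp"
}

# Constructed sample rule, not the poster's script; PH_IP_MOON is a second
# placeholder assumed here for illustration.
sample_updown() {
    cat <<'EOF'
iptables -t nat -A POSTROUTING -s PH_IP_ALICE -j SNAT --to-source PH_IP_MOON
EOF
}
```

Running `list_placeholders` on a copied script before installing it shows every value that still has to be supplied by hand.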