[strongSwan] Why is strongswan keeping so many entries in my iptables?????
Pawel Grzesik
pawel.grzesik at brainstorm.co.uk
Thu Mar 6 17:43:24 CET 2014
Can I see your configuration file?
Thanks,
Pawel
On 6 Mar 2014, at 16:31, Adrian Milanoski <amilanoski at blackberry.com> wrote:
> I have a giant list here…… Why is this happening?
>
> # iptables -L -n
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- 10.244.134.24 0.0.0.0/0 policy match dir in pol ipsec reqid 333 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.24 policy match dir out pol ipsec reqid 333 proto 50
> ACCEPT all -- 10.244.134.23 0.0.0.0/0 policy match dir in pol ipsec reqid 331 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.23 policy match dir out pol ipsec reqid 331 proto 50
> ACCEPT all -- 10.244.134.24 0.0.0.0/0 policy match dir in pol ipsec reqid 329 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.24 policy match dir out pol ipsec reqid 329 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 328 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 328 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 327 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 327 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 326 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 326 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 325 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 325 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 324 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 324 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 322 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 322 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 321 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 321 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 319 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 319 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 317 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 317 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 316 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 316 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 315 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 315 proto 50
> ACCEPT all -- 10.244.134.23 0.0.0.0/0 policy match dir in pol ipsec reqid 313 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.23 policy match dir out pol ipsec reqid 313 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 312 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 312 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 311 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 311 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 309 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 309 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 306 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 306 proto 50
> ACCEPT all -- 10.244.134.22 0.0.0.0/0 policy match dir in pol ipsec reqid 305 proto 50
> ACCEPT all -- 0.0.0.0/0 10.244.134.22 policy match dir out pol ipsec reqid 305 proto 50
>
> Regards,
>
> Adrian Milanoski
> Lab Administrator
> BBOS WiFI VPN. Security Testing – R&D
> Tel.(289) 261-5801 | Cel: (647) 289-261-5801
> Email amilanoski at blackberry.com
>
>
>
>
>
> From: Adrian Milanoski
> Sent: Wednesday, March 05, 2014 9:17 PM
> To: Adrian Milanoski; users at lists.strongswan.org
> Subject: RE: [strongSwan] Why is strongswan keeping so many entries in my iptables?????
>
> Any update on why this is happening?
>
> Regards,
>
> Adrian Milanoski
> Lab Administrator
> BBOS WiFI VPN. Security Testing – R&D
> Tel.(289) 261-5801 | Cel: (647) 289-261-5801
> Email amilanoski at blackberry.com
>
>
>
>
>
> From: users-bounces at lists.strongswan.org [mailto:users-bounces at lists.strongswan.org] On Behalf Of Adrian Milanoski
> Sent: Tuesday, March 04, 2014 5:50 PM
> To: users at lists.strongswan.org
> Subject: [strongSwan] Why is strongswan keeping so many entries in my iptables?????
>
> Hi list,
>
> I have 300+ entries in my iptables -L and restarting strongswan doesn't clear them, and it is a production GW that I cannot simply restart. How can I resolve this? And why is it happening, so I can resolve it for the future?
>
> Thanks in advance
>
> Regards,
>
> Adrian Milanoski
> Lab Administrator
> BBOS WiFI VPN. Security Testing – R&D
> 4715 Tahoe Blvd, Mississauga, ON, Canada, L4W 0B5
> Tel.(289) 261-5801 | Fax.(905) 629-7836
> Email amilanoski at blackberry.com
>
>
>
>
>
> ---------------------------------------------------------------------
> This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
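One way to audit a FORWARD chain like the one posted, as an added example written for this page and not code from the thread or from strongSwan itself: rules of this shape are what the strongSwan _updown script installs when leftfirewall=yes is set, a --dir in and --dir out pair per CHILD_SA keyed on the SA's reqid, and only the script's down event for that same reqid removes them. Any CHILD_SA that never gets a clean down event leaves its pair behind, and since the rules live in the kernel's netfilter tables rather than in the daemon, restarting charon does not touch them. The script below reads the chain in spec form (iptables -S FORWARD, which unlike -L -n prints the interface, mask and port options that a later -D has to match), reads the kernel's IPsec policies (ip xfrm policy), lists the reqids that a policy-match rule still references but no policy uses, and prints the corresponding iptables -D commands for review rather than running them. Both inputs are constructed samples that mirror the post's addresses and reqids; the /32 masks, --proto esp, and the 198.51.100.7 / 203.0.113.1 gateway addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example: report iptables policy-match rules whose reqid no longer has
# an IPsec policy in the kernel, and print the iptables -D commands to drop them.
# Inputs are constructed samples; in production use the two commands noted below.

# Constructed stand-in for `iptables -S FORWARD`, mirroring the posted listing.
# The /32 masks and `--proto esp` are assumptions of this example.
SAMPLE_FORWARD_RULES='-P FORWARD ACCEPT
-A FORWARD -s 10.244.134.24/32 -m policy --dir in --pol ipsec --reqid 333 --proto esp -j ACCEPT
-A FORWARD -d 10.244.134.24/32 -m policy --dir out --pol ipsec --reqid 333 --proto esp -j ACCEPT
-A FORWARD -s 10.244.134.23/32 -m policy --dir in --pol ipsec --reqid 331 --proto esp -j ACCEPT
-A FORWARD -d 10.244.134.23/32 -m policy --dir out --pol ipsec --reqid 331 --proto esp -j ACCEPT
-A FORWARD -s 10.244.134.22/32 -m policy --dir in --pol ipsec --reqid 305 --proto esp -j ACCEPT
-A FORWARD -d 10.244.134.22/32 -m policy --dir out --pol ipsec --reqid 305 --proto esp -j ACCEPT'

# Constructed stand-in for `ip xfrm policy`: only reqid 333 is still installed,
# so 331 and 305 are stale. Gateway addresses are documentation-range assumptions.
SAMPLE_XFRM_POLICY='src 0.0.0.0/0 dst 10.244.134.24/32
    dir out priority 2344
    tmpl src 203.0.113.1 dst 198.51.100.7
        proto esp reqid 333 mode tunnel
src 10.244.134.24/32 dst 0.0.0.0/0
    dir in priority 2344
    tmpl src 198.51.100.7 dst 203.0.113.1
        proto esp reqid 333 mode tunnel'

# Unique reqids referenced by `--reqid N` in iptables -S output, one per line.
rule_reqids() {
    printf '%s\n' "$1" | sed -n 's/.*--reqid \([0-9][0-9]*\).*/\1/p' | sort -un
}

# Unique reqids named in ip xfrm policy output, one per line.
xfrm_reqids() {
    printf '%s\n' "$1" | sed -n 's/.*reqid \([0-9][0-9]*\).*/\1/p' | sort -un
}

# reqids present in the firewall rules but absent from the kernel policy database.
stale_reqids() {
    live=$(xfrm_reqids "$2")
    for id in $(rule_reqids "$1"); do
        printf '%s\n' "$live" | grep -qx "$id" || printf '%s\n' "$id"
    done
}

# For every stale reqid, rewrite its `-A FORWARD ...` spec into an `iptables -D` command.
# The spec is reused verbatim so -D matches exactly what -S reported (interfaces, masks, ports).
stale_rule_deletions() {
    for id in $(stale_reqids "$1" "$2"); do
        printf '%s\n' "$1" | grep -E -- "--reqid $id( |\$)" | sed 's/^-A /iptables -D /'
    done
}

# Stand-alone run prints the cleanup commands for review; nothing is deleted here.
# Production: stale_rule_deletions "$(iptables -S FORWARD)" "$(ip xfrm policy)"
stale_rule_deletions "$SAMPLE_FORWARD_RULES" "$SAMPLE_XFRM_POLICY"
```

Two things worth knowing before running the printed commands. A rule with -m policy --pol ipsec --reqid N only matches packets the kernel has already associated with IPsec policy N, so a leftover pair does not by itself open the forwarder; the cost is an ever-growing chain that is slow to read and audit. And because the reqid is the only key, confirm with ipsec statusall that a reqid reported as stale is not one strongSwan is about to reuse for a connection that is currently being established, then run the deletions.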