#!/bin/sh
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# iptables -t nat -F
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# iptables -F
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# # NAT
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -j SNAT --to-source 192.1.2.254
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# # make sure that we never accidentally let ESP through.
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# iptables -N LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# iptables -A LOGDROP -j LOG
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# iptables -A LOGDROP -j DROP
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# iptables -I FORWARD 1 --proto 50 -j LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# #iptables -I FORWARD 2 --destination 192.0.2.0/24 -j LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# #iptables -I FORWARD 3 --source 192.0.2.0/24 -j LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# # route
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# #iptables -I INPUT 1 --destination 192.0.2.0/24 -j LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# # Display the table, so we know it is correct.
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.1.3.0/24 0.0.0.0/0 to:192.1.2.254
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOGDROP esp -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain LOGDROP (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
DROP all -- 0.0.0.0/0 0.0.0.0/0
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# echo done.
done.
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# : ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-09\[root@nic nat-pluto-09 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep 'Result using RFC 3947' /tmp/pluto.log' <<<<<<<<<