#!/bin/sh
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11]# # setup port/protocol forward to east
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11]# iptables -t nat -I PREROUTING -p udp -d 192.1.3.254 --dport 500 -j DNAT --to-destination 192.1.2.23
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11]# iptables -t nat -I PREROUTING -p esp -d 192.1.3.254 -j DNAT --to-destination 192.1.2.23
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11]# # Display the table, so we know it is correct.
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT esp -- anywhere nic to:192.1.2.23
DNAT udp -- anywhere nic udp dpt:isakmp to:192.1.2.23
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11]# echo "initdone"
initdone
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11]# : ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-11\[root@nic nat-pluto-11 33]#
>>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<
>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<