iptables -t nat -F kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -F kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# # NAT kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -j SNAT --to-source 192.1.2.254 kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# # make sure that we never accidentally let ESP through. kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -N LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -A LOGDROP -j LOG kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -A LOGDROP -j DROP kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# # kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -I FORWARD 1 --proto 50 -j LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -I FORWARD 2 --destination 192.0.2.0/24 -j LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -I FORWARD 3 --source 192.0.2.0/24 -j LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# # route kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic 
xauth-pluto-21-main-xr0-drop]# iptables -I INPUT 1 --destination 192.0.2.0/24 -j LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# # Display the table, so we know it is correct. kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -t nat -L -n Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination SNAT all -- 192.1.3.0/24 0.0.0.0/0 to:192.1.2.254 kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination LOGDROP all -- 0.0.0.0/0 192.0.2.0/24 Chain FORWARD (policy ACCEPT) target prot opt source destination LOGDROP esp -- 0.0.0.0/0 0.0.0.0/0 LOGDROP all -- 0.0.0.0/0 192.0.2.0/24 LOGDROP all -- 192.0.2.0/24 0.0.0.0/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain LOGDROP (4 references) target prot opt source destination LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 DROP all -- 0.0.0.0/0 0.0.0.0/0 kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# echo initdone initdone kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# : ==== end ==== kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# grep -E '(inserting|handling) event (EVENT_v1_SEND_XAUTH|EVENT_RETRANSMIT)' OUTPUT/east.pluto.log | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #1 | inserting event EVENT_v1_SEND_XAUTH, timeout in 0.08 seconds for #1 | handling event 
EVENT_v1_SEND_XAUTH for parent state #1 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #1 | handling event EVENT_RETRANSMIT for parent state #1 | handling event EVENT_RETRANSMIT for 192.1.2.254 "east-road"[1] 192.1.2.254 #1 keying attempt 0 of 1; retransmit 1 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #1 | inserting event EVENT_v1_SEND_XAUTH, timeout in 0.08 seconds for #1 | handling event EVENT_v1_SEND_XAUTH for parent state #1 | handling event EVENT_RETRANSMIT for parent state #1 | handling event EVENT_RETRANSMIT for 192.1.2.254 "east-road"[1] 192.1.2.254 #1 keying attempt 0 of 1; retransmit 2 | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #1 | inserting event EVENT_v1_SEND_XAUTH, timeout in 0.08 seconds for #1 | handling event EVENT_v1_SEND_XAUTH for parent state #1 | handling event EVENT_RETRANSMIT for parent state #1 | handling event EVENT_RETRANSMIT for 192.1.2.254 "east-road"[1] 192.1.2.254 #1 keying attempt 0 of 1; retransmit 3 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #2 | inserting event EVENT_v1_SEND_XAUTH, timeout in 0.08 seconds for #2 | handling event EVENT_v1_SEND_XAUTH for parent state #2 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #2 kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# : ==== cut ==== kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop]# ipsec auto --status whack: Pluto is not running (no "/run/pluto/pluto.ctl") kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-21-main-xr0-drop\[root@nic xauth-pluto-21-main-xr0-drop 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<