
I have an Endian firewall and an established IPsec tunnel. The firewall is in the network 192.168.100.0/24 and has the address 192.168.100.1. The hosts that I try to ping are in the network 10.4.0.0/32 and the specific addresses are 10.4.0.198 and 10.4.0.199. Between the network 192.168.100.0/24 and 10.4.0.0/32 is that IPsec tunnel. The ping from the firewall itself to the host 10.4.0.198 works, but if I try to ping these hosts from a Windows PC behind the firewall it doesn't work. Any suggestion what could be the problem? I already added the rule iptables -A FORWARD -p icmp -d 10.4.0.0/32 -s 0.0.0.0/0 -j ACCEPT but it still doesn't work. The iptables rules are huge so it wouldn't be of advantage if I post all of them. But here is the output from route:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         HSI-KBW-46-237- 0.0.0.0         UG    0      0        0 eth1
1.1.1.0         *               255.255.255.0   U     0      0        0 eth2
10.31.1.0       vpn.svsnls.neug 255.255.255.0   UG    0      0        0 br0
10.255.255.0    vpn.admedespfor 255.255.255.0   UG    0      0        0 br0
46.237.253.64   *               255.255.255.192 U     0      0        0 eth1
192.168.4.0     vpn.jurabadgosh 255.255.255.0   UG    0      0        0 br0
192.168.8.0     vpn.grundschule 255.255.255.0   UG    0      0        0 br0
...


10.4.0.0/32 is a single host and not a subnet; this is why it is not working. You should modify the subnet with the right network mask.

daniele@bart:~$ sipcalc 10.4.0.0/32
-[ipv4 : 10.4.0.0/32] - 0

[CIDR]
Host address        - 10.4.0.0
Host address (decimal)  - 168034304
Host address (hex)  - A040000
Network address     - 10.4.0.0
Network mask        - 255.255.255.255
Network mask (bits) - 32
Network mask (hex)  - FFFFFFFF
Broadcast address   - 10.4.0.0
Cisco wildcard      - 0.0.0.0
Addresses in network    - 1
Network range       - 10.4.0.0 - 10.4.0.0
DarkVex
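Added example, not code from the question or the answer: a small Python check built on the standard ipaddress module that shows why neither the 10.4.0.0/32 tunnel selector nor the iptables rule's -d 10.4.0.0/32 argument can ever match the two hosts, and that computes the tightest prefix covering them. The 10.4.0.0/24 used for comparison is an assumption modelled on the question's own /24 LAN; the selector actually configured has to match what the remote side of the tunnel is set up with.

```python
import ipaddress

# Constructed from the question: the remote network as configured in the
# tunnel and the FORWARD rule, and the two hosts that must be reachable.
CONFIGURED_REMOTE = "10.4.0.0/32"
TARGET_HOSTS = ["10.4.0.198", "10.4.0.199"]


def hosts_not_covered(network: str, hosts) -> list:
    """Return the hosts that fall outside `network` (an IPsec traffic
    selector or an iptables -d/-s argument). A host listed here matches
    neither the FORWARD rule nor the tunnel's selector, so its traffic is
    never sent into the tunnel."""
    net = ipaddress.ip_network(network, strict=False)
    return [h for h in hosts if ipaddress.ip_address(h) not in net]


def smallest_covering_network(hosts) -> str:
    """Longest prefix (smallest subnet) that still contains every host.
    Starts from the first host's /32 and widens one bit at a time; the
    result is a lower bound for the selector, not necessarily the peer's
    real subnet."""
    addrs = [ipaddress.ip_address(h) for h in hosts]
    net = ipaddress.ip_network(f"{addrs[0]}/{addrs[0].max_prefixlen}")
    while not all(a in net for a in addrs):
        net = net.supernet()
    return str(net)


def iptables_forward_rule(network: str) -> str:
    """Render the question's FORWARD rule with a corrected destination."""
    return f"iptables -A FORWARD -p icmp -s 0.0.0.0/0 -d {network} -j ACCEPT"


if __name__ == "__main__":
    missing = hosts_not_covered(CONFIGURED_REMOTE, TARGET_HOSTS)
    print(f"{CONFIGURED_REMOTE} leaves out: {missing}")
    # Assumed correction, modelled on the question's /24 LAN.
    print("10.4.0.0/24 leaves out:", hosts_not_covered("10.4.0.0/24", TARGET_HOSTS))
    print("tightest prefix covering both hosts:", smallest_covering_network(TARGET_HOSTS))
    print(iptables_forward_rule("10.4.0.0/24"))
```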