Hi,

Thomas Smith [mailto:hpcaz@yahoo.com] wrote:
>
> I need to be able to connect to a client's IPSec VPN from
> behind an iptables firewall. I know the VPN is
> working and my firewall is masquerading traffic, but IPSec
> doesn't work from systems behind my firewall.
>
> I've got a pretty basic firewall. It's simply masquerading
> internal traffic.
>
> Are there some iptables rules or patches I'm missing?
>

Well, you only need to allow UDP port 500 traffic for IKE, and
protocols 50 (ESP) and 51 (AH).

However, you will find that most types of AH and NAT don't
mix all that well, unless you do some really clever (read:
hackish) NAT tricks. Basically, the IP addresses on both
sides may not be NAT'ted. If you use NAT, you must NAT the
addresses back before they reach the other side.

Regards,

Filip
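The rules Filip describes, written out as an added example (this is not code from the original thread). It lets hosts behind a masquerading Linux firewall reach an IPsec gateway outside: IKE on UDP 500 in both directions, plus IP protocols 50 (ESP) and 51 (AH), which are protocol numbers rather than ports and so are matched with `-p 50` / `-p 51`, not `--dport`. The interface names `eth0` (WAN) and `eth1` (LAN) are assumptions; override them with environment variables. Setting `IPT=echo` prints the rules instead of applying them, which is how the script can be reviewed without root.

```shell
#!/bin/sh
# Added example: iptables rules for passing IPsec through a masquerading
# firewall. Interface names are assumptions; edit or override via WAN/LAN.
WAN="${WAN:-eth0}"   # assumed external interface
LAN="${LAN:-eth1}"   # assumed internal interface
IPT="${IPT:-iptables}"   # set IPT=echo to dry-run

ipsec_rules() {
    # IKE: UDP 500 from the LAN out, and the gateway's replies back in.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -p udp --dport 500 -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -p udp --sport 500 -j ACCEPT

    # ESP (50) and AH (51) are IP protocols, not ports: match on -p only.
    for proto in 50 51; do
        $IPT -A FORWARD -i "$LAN" -o "$WAN" -p "$proto" -j ACCEPT
        $IPT -A FORWARD -i "$WAN" -o "$LAN" -p "$proto" -j ACCEPT
    done

    # The masquerading the original firewall already does; ESP and IKE
    # get their source address rewritten here like everything else.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Count the rules the function would emit (used to sanity-check a dry run).
ipsec_rule_count() {
    IPT=echo
    ipsec_rules | grep -c .
}

case "${1:-}" in
    apply) ipsec_rules ;;              # needs root
    show)  IPT=echo; ipsec_rules ;;    # print the rules only
esac
```

Run `sh thisscript.sh show` to inspect the rules and `sh thisscript.sh apply` (as root) to load them. Two caveats a practitioner will hit: AH authenticates the outer IP header, including the source address, so any address rewriting on the path breaks it outright, which is the point Filip makes about NAT. ESP tolerates the address rewrite, but the kernel tracks protocol 50 only by address pair, so only one inside host at a time can talk ESP to the same gateway through one masqueraded address; modern IKE implementations avoid both problems with NAT traversal, which encapsulates ESP in UDP 4500 and is not covered by the rules above.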