IPSec passthrough with iptables

On Tuesday 15 October 2002 5:47 am, Thomas Smith wrote:

> I need to be able to connect to clients IPSec VPN from
> behind an iptables firewall. I know the VPN is
> working and my firewall is masquing traffic but IPSec
> doesn't work from systems behind my firewall.
>
> I've got a pretty basic firewall. It's simply masquing
> internal traffic.
>
> Are there some iptables' rules or patches I'm missing?

No patches needed. No special support in netfilter needed.

Make sure you are forwarding (both ways :-) protocol 50 (ESP), protocol 51 
(AH) and UDP sport 500 / dport 500 (IKE).

Also make sure you are using IPsec in tunnel mode, not transport mode 
(transport mode will not work through NAT).

Hope this helps,

Antony.

-- 

If the human brain were so simple that we could understand it,
we'd be so simple that we couldn't.
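
An added example, not part of the original post: a check that reads `iptables-save` output and reports which of the traffic types named in the reply above (ESP, AH, IKE on UDP 500) the FORWARD chain does not explicitly accept in each direction. The function name, the interface names `eth0`/`eth1` and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Simplification: only explicit
# ACCEPT rules in FORWARD are considered; -s/-d matches, negated matches,
# rule order and chain policy are ignored.

# Usage: iptables-save | check_ipsec_forward LAN_IF
# Prints one line per gap ("missing: esp in"); prints nothing if complete.
check_ipsec_forward() {
    awk -v lan="$1" '
    function opt(name,   i) {   # value that follows option "name", or ""
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
        p = opt("-p"); kind = ""
        if (p == "esp" || p == "50") kind = "esp"
        else if (p == "ah" || p == "51") kind = "ah"
        else if ((p == "udp" || p == "17") &&
                 opt("--sport") == "500" && opt("--dport") == "500") kind = "ike"
        if (kind == "") next
        in_if = opt("-i"); out_if = opt("-o")
        # A rule with no interface match covers both directions.
        if ((in_if == "" || in_if == lan) && out_if != lan) seen[kind, "out"] = 1
        if ((out_if == "" || out_if == lan) && in_if != lan) seen[kind, "in"] = 1
    }
    END {
        n = split("esp ah ike", kinds, " ")
        for (k = 1; k <= n; k++) {
            if (!((kinds[k], "out") in seen)) print "missing: " kinds[k] " out"
            if (!((kinds[k], "in") in seen)) print "missing: " kinds[k] " in"
        }
    }'
}

# Constructed iptables-save excerpt (eth1 = LAN, eth0 = WAN are assumptions).
sample_rules() {
    cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -p esp -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p ah -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p udp -m udp --sport 500 --dport 500 -j ACCEPT
COMMIT
EOF
}

sample_rules | check_ipsec_forward eth1
```

On the constructed ruleset the check flags the return direction for AH and IKE, which is the "both ways" gap the reply warns about.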


