I have tried to get the right iptables rules to work for a vpn connection. Usually anything going out of this rh8 box works fine. Why do I need to punch a hole for the vpn? I have noticed that holes need to be punched for the dns and bootp, but why - when this box is the originator of the traffic?

I have finally gotten these rules to work in that the vpn loads, but the vpn still does not work right. The only way I can get it to work right is to turn iptables off (service iptables stop).

These are the rules:

    -A RH-Lokkit-0-50-INPUT -m udp -s 1.2.3.0/24 -d 0/0 --dport 800 -p udp -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -m udp -s 1.2.3.0/24 -d 0/0 --dport 8400 -p udp -j ACCEPT

What else do I need to do to get the vpn to work on the network 1.2.3.0 on ports 500 and 4500?

These work for someone who uses ipchains:

    -A input -p udp -s 1.2.3.0/24 -d 0/0 800 -j ACCEPT
    -A input -p udp -s 1.2.3.0/24 -d 0/0 8400 -j ACCEPT

Are the iptables rules above converted right?

Thanks,
wj