> ce of IPSec traffic.
>
> eth1 = untrusted side
> eth0 = trusted side
>
> INPUT:
> $IPTABLES -A INPUT -i eth1 -p 50 -j ACCEPT
> $IPTABLES -A INPUT -i eth1 -p 51 -j ACCEPT
> $IPTABLES -A INPUT -i eth1 -p UDP --dport 500 -j ACCEPT
>
> FORWARD:
> $IPTABLES -A FORWARD -i eth0 -o ipsec+ -j ACCEPT
> $IPTABLES -A FORWARD -i ipsec+ -o eth0 -j ACCEPT
>
> OUTPUT:
> $IPTABLES -A OUTPUT -p 50 -j ACCEPT
> $IPTABLES -A OUTPUT -p 51 -j ACCEPT
> $IPTABLES -A OUTPUT -p udp -m udp --dport 500 -j ACCEPT

Looks good, that's pretty much what I have, 'cept I actually specify ah and esp for my protocol. Don't forget not to masquerade outgoing packets through your VPN. Since I have a net-to-net connection that is fairly definite, I only allow connections from my trusted hosts.
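Putting the thread's three points together (accept only ESP, AH and IKE on the untrusted side, forward only between the trusted LAN and the ipsec+ interfaces, and keep tunnel traffic out of the MASQUERADE rule) as one complete ruleset. This is an added example, not the ruleset from either poster: the interface names match the quoted message, but the subnets, the peer address (a TEST-NET-3 address) and the UDP 4500 NAT-traversal rule are assumptions for illustration. By default the script only prints the iptables commands; set IPTABLES=iptables to apply them.

```shell
#!/bin/sh
# Added example: iptables ruleset for a net-to-net IPsec gateway that uses
# FreeS/WAN-style ipsec+ virtual interfaces. Not taken from the original post.
# Default is a dry run that echoes the commands; IPTABLES=iptables applies them.
IPTABLES="${IPTABLES:-echo iptables}"

UNTRUSTED=eth1              # Internet-facing side (as in the quoted message)
TRUSTED=eth0                # LAN side (as in the quoted message)
LOCAL_NET=192.168.1.0/24    # assumption: subnet behind this gateway
REMOTE_NET=192.168.2.0/24   # assumption: subnet behind the peer gateway
PEER=203.0.113.5            # assumption: the only peer allowed to talk IPsec to us

ipsec_rules() {
    # Default-deny on every chain; everything below is an explicit allow.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT DROP

    # Loopback and the LAN side are trusted.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -i "$TRUSTED" -s "$LOCAL_NET" -j ACCEPT

    # INPUT from the untrusted side: only IPsec, and only from the known peer.
    # Protocol names (esp = 50, ah = 51) rather than numbers, as the reply suggests.
    $IPTABLES -A INPUT -i "$UNTRUSTED" -s "$PEER" -p esp -j ACCEPT
    $IPTABLES -A INPUT -i "$UNTRUSTED" -s "$PEER" -p ah -j ACCEPT
    $IPTABLES -A INPUT -i "$UNTRUSTED" -s "$PEER" -p udp --dport 500 -j ACCEPT
    # Assumption: only needed when the tunnel runs through NAT (NAT-T, UDP 4500).
    $IPTABLES -A INPUT -i "$UNTRUSTED" -s "$PEER" -p udp --dport 4500 -j ACCEPT

    # FORWARD: decrypted traffic appears on ipsec+; allow it only between the
    # two subnets the tunnel is meant to carry, in both directions.
    $IPTABLES -A FORWARD -i "$TRUSTED" -o ipsec+ -s "$LOCAL_NET" -d "$REMOTE_NET" -j ACCEPT
    $IPTABLES -A FORWARD -i ipsec+ -o "$TRUSTED" -s "$REMOTE_NET" -d "$LOCAL_NET" -j ACCEPT
    # Nothing from ipsec+ may leak out to the Internet unencrypted.
    $IPTABLES -A FORWARD -i ipsec+ -o "$UNTRUSTED" -j DROP

    # OUTPUT: the gateway's own IKE and IPsec packets to the peer.
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    $IPTABLES -A OUTPUT -o "$TRUSTED" -j ACCEPT
    $IPTABLES -A OUTPUT -o "$UNTRUSTED" -d "$PEER" -p esp -j ACCEPT
    $IPTABLES -A OUTPUT -o "$UNTRUSTED" -d "$PEER" -p ah -j ACCEPT
    $IPTABLES -A OUTPUT -o "$UNTRUSTED" -d "$PEER" -p udp --dport 500 -j ACCEPT
    $IPTABLES -A OUTPUT -o "$UNTRUSTED" -d "$PEER" -p udp --dport 4500 -j ACCEPT

    # NAT: the exclusion for tunnel traffic must come BEFORE the MASQUERADE
    # rule, otherwise LAN-to-remote packets are rewritten to the gateway's
    # address and never match the tunnel's selectors (the "don't masquerade
    # through your VPN" point from the reply).
    $IPTABLES -t nat -A POSTROUTING -s "$LOCAL_NET" -d "$REMOTE_NET" -j ACCEPT
    $IPTABLES -t nat -A POSTROUTING -o "$UNTRUSTED" -s "$LOCAL_NET" -j MASQUERADE
}

ipsec_rules
```

In dry-run mode the output is the ordered list of commands, which is convenient for diffing against `iptables-save` on the gateway; the one ordering that matters is the POSTROUTING ACCEPT for LOCAL_NET to REMOTE_NET sitting above the MASQUERADE rule.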