I have a Linux box (RedHat 7.3, kernel 2.4.18-19.7) running iptables v1.2.5.
I have installed a VPN client from NetLock (IPsec), ver. 2.1.1-0, www.netlock.org.
Everything works fine except the stateful rules, I mean:
- Once I connect through the VPN tunnel (it uses ISAKMP (UDP 500) and ESP (IP protocol 50)), I cannot use the UDP or TCP protocols when filtering is based only on the following rule:
From /etc/sysconfig/iptables: -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
When working without the VPN tunnel, just connected to the Internet, all protocols work fine, for example UDP DNS resolution or TCP telnet, ssh or http sessions.
Once the tunnel has been established, it seems that iptables cannot extract the stateful information from the encapsulated packets (IPsec, ESP), so it only works using old stateless rules such as:
-A INPUT -s 0/0 -d 0/0 -p tcp ! --syn -j ACCEPT
Any help and information about when iptables stateful processing takes place when using IPsec will be appreciated.
Best regards,
Raúl
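A way to check which packets the stateful rule is actually missing, as an added example that is not part of the original post or of the NetLock client: put a LOG rule at the end of INPUT (after the ESTABLISHED,RELATED rule, e.g. `-A INPUT -j LOG --log-prefix "INPUT-drop: "`; the prefix is an assumption) and classify the logged drops by whether they are the tunnel's outer packets (ISAKMP and ESP from the VPN gateway) or ordinary TCP/UDP. The gateway address 192.0.2.1 and the private addresses in the sample are placeholders, and the log lines are constructed to match the shape of 2.4 ipt_LOG output, not captured ones.

```python
"""Classify iptables LOG drops to see which traffic a stateful rule misses.

Added example, not from the original post. Assumes a LOG rule with the
(hypothetical) prefix "INPUT-drop: " sits at the end of the INPUT chain.
"""
import re
from collections import Counter

VPN_GW = "192.0.2.1"          # hypothetical VPN gateway (documentation range)
LOG_PREFIX = "INPUT-drop: "   # hypothetical --log-prefix of the final LOG rule

# Constructed sample lines (not real captures). 10.0.0.0/8 stands for the
# private network reached through the tunnel, 198.51.100.7 for this host.
SAMPLE_LOG = """\
Mar  3 10:01:02 box kernel: INPUT-drop: IN=eth0 OUT= SRC=192.0.2.1 DST=198.51.100.7 LEN=160 TOS=0x00 PREC=0x00 TTL=55 ID=4711 PROTO=ESP SPI=0x1a2b3c4d
Mar  3 10:01:02 box kernel: INPUT-drop: IN=eth0 OUT= SRC=192.0.2.1 DST=198.51.100.7 LEN=184 TTL=55 ID=4712 PROTO=UDP SPT=500 DPT=500 LEN=164
Mar  3 10:01:03 box kernel: INPUT-drop: IN=eth0 OUT= SRC=10.1.1.5 DST=10.200.0.9 LEN=52 TTL=63 ID=9 DF PROTO=TCP SPT=22 DPT=34567 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Mar  3 10:01:03 box kernel: INPUT-drop: IN=eth0 OUT= SRC=10.1.1.2 DST=10.200.0.9 LEN=98 TTL=63 ID=10 PROTO=UDP SPT=53 DPT=1027 LEN=78
Mar  3 10:01:04 box kernel: INPUT-drop: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=40 TTL=240 ID=0 PROTO=TCP SPT=6000 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:01:05 box kernel: something unrelated from another subsystem
"""

_KV = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Return the key=value fields plus bare flag words of one ipt_LOG entry,
    or None when the line does not carry our prefix."""
    if LOG_PREFIX not in line:
        return None
    body = line.split(LOG_PREFIX, 1)[1]
    fields = dict(_KV.findall(body))
    # ipt_LOG prints TCP flags (and DF) as bare words between the key=value pairs
    fields["FLAGS"] = {tok for tok in body.split() if "=" not in tok}
    return fields


def classify(fields):
    """Bucket one dropped packet: tunnel outer traffic vs. ordinary TCP/UDP."""
    proto = fields.get("PROTO")
    src = fields.get("SRC")
    if proto == "ESP":
        return "esp-from-gateway" if src == VPN_GW else "esp-other"
    if proto == "UDP" and fields.get("SPT") == "500" and fields.get("DPT") == "500":
        return "isakmp"
    if proto == "TCP":
        f = fields["FLAGS"]
        # iptables --syn means SYN set with ACK and RST clear; anything else
        # is what the stateless "! --syn" rule from the post would accept
        if "SYN" in f and "ACK" not in f and "RST" not in f:
            return "tcp-syn"
        return "tcp-non-syn"
    if proto == "UDP":
        return "udp"
    return "other"


def summarize(log_text):
    """Count dropped packets per bucket over a block of syslog text."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields is not None:
            counts[classify(fields)] += 1
    return counts


if __name__ == "__main__":
    for bucket, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{bucket:18s} {n}")
```

Reading the result: drops in the `isakmp` or `esp-from-gateway` buckets are the tunnel's own outer packets, which need their own ACCEPT rules (`-p udp --dport 500` and `-p esp`) if the state match does not cover them; drops in `tcp-non-syn` or `udp` with the tunnel's private addresses show decrypted packets that do reach INPUT but are not matched as ESTABLISHED, which is the case the post describes. Feed real log text with `summarize(open("/var/log/messages").read())`.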