Re: problem with VPN and iptables redirect

On Wed, 16 Jun 2004 10:10:37 +0200
sandra hernandez <sandra@xxxxxxxxxx> wrote:

> 
> The problem is when I execute this command with iptables in linux box:
>   iptables -t nat -I PREROUTING 1 -d x.x.x.x -j REDIRECT --to-port 80
>    (and all the policies are to ALLOW)
> The redirection fails...
> If I deactivate VPN, the redirection works ok.
Hi Sandra.

I'm not such an expert, but if you would give us more info everything would be simpler :)

What about your IPsec configuration?
What about the rest of the iptables script?

Think about it: if you want to redirect the connection when unencrypted and you're using "transport mode", or tunnel mode without a change of address between the clear and encrypted connection, you could have problems ... like you have :)

Why don't you try something like this? 

First, mark all packets that arrive encrypted:

iptables -t mangle -I PREROUTING 1 -p 50 -d X.X.X.X -j MARK --set-mark 10

(use -p 51 instead of -p 50 if you use AH)

This way all encrypted packets are marked with a number that will remain also when they get decrypted, and your IPsec will take care of authentication. After the packets are decrypted they start a new "walk" through the netfilter chains, so you can redirect all marked packets:

iptables -t nat -I PREROUTING 2 -m mark --mark 10 -j REDIRECT --to-port 80


Don't know, but it could work.

Bye
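A script form of the mark-then-redirect approach from the reply above, added here as an example and not part of the original thread. It assumes an iptables new enough to support `-C`; the address 192.0.2.10, mark value 10 and port 80 used in the comments are placeholders, and setting IPT=echo gives a dry run.

```shell
#!/bin/sh
# Two-stage IPsec redirect: mark the encapsulated packet on arrival, then
# REDIRECT the decapsulated copy when it re-enters PREROUTING with that mark.
# Added example; names and values here are assumptions, not the thread's config.

IPT="${IPT:-iptables}"   # set IPT=echo to print the rules instead of applying them

# Print the rule arguments, one rule per line, for one configuration.
#   $1 = esp or ah   $2 = local (-d) address   $3 = mark value   $4 = target port
build_rules() {
    case "$1" in
        esp) pnum=50 ;;
        ah)  pnum=51 ;;
        *)   echo "unknown IPsec protocol: $1" >&2; return 1 ;;
    esac
    # Stage 1: tag the still-encapsulated packet before any NAT lookup.
    echo "-t mangle -I PREROUTING 1 -p $pnum -d $2 -j MARK --set-mark $3"
    # Stage 2: the decapsulated packet traverses PREROUTING again carrying the
    # same fwmark, so only those packets (not ordinary clear-text traffic) are
    # redirected to the local service.
    echo "-t nat -I PREROUTING 1 -m mark --mark $3 -j REDIRECT --to-port $4"
}

# Apply the rules idempotently: probe with -C and skip rules already present,
# so re-running the script does not stack duplicate entries.
apply_rules() {
    build_rules "$@" | while IFS= read -r rule; do
        # Turn "-I CHAIN N" into "-C CHAIN" to check for an existing rule.
        probe=$(printf '%s\n' "$rule" | sed 's/ -I \([A-Z]*\) [0-9]* / -C \1 /')
        if [ "$IPT" != echo ] && $IPT $probe 2>/dev/null; then
            echo "already present: $rule"
        else
            $IPT $rule
        fi
    done
}

# Usage example (placeholder values): apply_rules esp 192.0.2.10 10 80
```

Inspect the result with `iptables -t mangle -L PREROUTING -v -n` and `iptables -t nat -L PREROUTING -v -n`; the mangle counter should rise for every ESP packet and the nat counter only for the decrypted ones.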
