Hello,

thank you Antony for your quick and very helpful answer!!

On Wed, 2004-07-07 at 15:53, Antony Stone wrote:
> > With this Setup, is there anything that can be done with IPTables to
> > make the transport mode work w/o NAT-T?
>
> I can think of two ways:
> 1. Put a genuine public IP address on the destination Security Gateway
> machine, routed through the firewall without nat.

This sounds really good. How do I tell iptables not to perform NAT for IPSec?

Currently the firewall is a Test-Setup with IPCop. Since the IpCop-Interface does not support ESP I added these iptables rules to the zillions of rules put in place by ipcop to make it work, probably a bit too open anyway :-) :

    iptables -A INPUT -p 50 -j ACCEPT
    iptables -A OUTPUT -p 50 -j ACCEPT
    iptables -A FORWARD -p 50 -j ACCEPT

How would I modify these to pass on the packets without NAT?

Thanks a lot,
Rainer Arnst