On Wed, 1 Dec 2004 at 19:29 -0500, netfilter-bounces@xxxxxxxxxxxxxxxxxxx wrote:

JO> On Wed, 2004-12-01 at 17:51, Helge Weissig wrote:
JO> <snip>
JO> > Here is my current iptables configuration
JO> >
JO> > $IPTABLES -P INPUT ACCEPT
JO> > $IPTABLES -F INPUT
JO> > $IPTABLES -P OUTPUT ACCEPT
JO> > $IPTABLES -F OUTPUT
JO> > $IPTABLES -P FORWARD DROP
JO> > $IPTABLES -F FORWARD
JO> > $IPTABLES -t nat -F
JO> >
JO> > echo "Enabling PORTFW Redirection on the external LAN.."
JO> > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p esp -j ACCEPT
JO> > $IPTABLES -A PREROUTING -t nat -d $VPN_SERVER -p esp -j DNAT \
JO> >     --to-destination $VPN_CLIENT
JO>
JO> what on earth is that rule supposed to accomplish? it says "any esp
JO> packet destined for $VPN_SERVER should be destination translated to
JO> $VPN_CLIENT."

[snip]

my bad... when I obfuscated my script, I should have used "$EXT_IP" or
something like it. That IP and the VPN server's are very similar.

[snip]

JO> simplify:
JO>
JO> # start fresh
JO> for t in mangle nat filter; do
JO>     iptables -t $t -F
JO>     iptables -t $t -X
JO>     iptables -t $t -Z
JO> done
JO> for c in INPUT FORWARD OUTPUT; do
JO>     iptables -P $c ACCEPT
JO> done
JO>
JO> # hide-nat outbound traffic
JO> iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
JO>
JO> # ip forwarding
JO> sysctl -w net.ipv4.ip_forward=1
JO>
JO> try and connect with your VPN client to your VPN server with that
JO> script. if you can't connect--it's more likely an IPSec configuration
JO> detail that you're missing.

no such luck :(. I should note that the VPN connection works fine when I
hook the client up directly to my DSL line.

btw - it looks like your script does not forward anything from one of my
interfaces to the other.

cheers,
h.
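For readers following the thread, here is a tightened variant of the "simplify" ruleset quoted above, added as an example and not the poster's or the list member's own script: it keeps the flush and the MASQUERADE hide-NAT but replaces the open FORWARD policy with default-deny plus explicit passes for the IPsec client's traffic (IKE on UDP 500, NAT-T on UDP 4500, raw ESP) and tracked return traffic. EXTIF, INTIF, VPN_CLIENT and the IPT dry-run wrapper are assumed placeholders, not values from the thread.

```shell
#!/bin/sh
# Assumed placeholder values; override in the environment when applying for real.
EXTIF="${EXTIF:-eth0}"
INTIF="${INTIF:-eth1}"
VPN_CLIENT="${VPN_CLIENT:-192.168.1.10}"   # constructed sample address
# With the default, the rules are only printed (dry run). Set IPT=iptables and
# run as root to actually load them.
IPT="${IPT:-echo iptables}"

ipsec_gateway_rules() {
    # Start fresh in every table, as the quoted "simplify" script does.
    for t in mangle nat filter; do
        $IPT -t "$t" -F
        $IPT -t "$t" -X
        $IPT -t "$t" -Z
    done
    # Default-deny forwarding: nothing crosses the gateway unless listed below.
    $IPT -P FORWARD DROP
    # Replies to anything already in the conntrack table (VPN server -> client).
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only the VPN client may initiate IPsec traffic outbound.
    $IPT -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$VPN_CLIENT" -p udp --dport 500 -j ACCEPT
    $IPT -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$VPN_CLIENT" -p udp --dport 4500 -j ACCEPT
    # Raw ESP through MASQUERADE relies on generic conntrack, which keys on
    # addresses only, so it is reliable for a single client; NAT-T (UDP 4500)
    # is the robust path when more than one client sits behind the gateway.
    $IPT -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$VPN_CLIENT" -p esp -j ACCEPT
    # Hide-NAT everything leaving the external interface.
    $IPT -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
    # ip_forward still has to be enabled separately: sysctl -w net.ipv4.ip_forward=1
}

# Count the rules the function emits, useful for a quick dry-run sanity check.
rule_count() {
    ipsec_gateway_rules | grep -c '^iptables'
}

ipsec_gateway_rules
```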