On Tuesday 15 February 2005 09:15, Ola Nilsson wrote: > I've got problems with getting IPSec (using NAT-T) traffic through my > Linux 2.6.10 based firewall. I've now changed my iptables script to > something rather simple: > > iptables -P INPUT ACCEPT > iptables -P OUTPUT ACCEPT > iptables -P FORWARD ACCEPT > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE I've been struggling with this as well. Take a look at http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/firewall.html . I used this query to find this link and a number of others that could be helpful: "esp ipsec firewall rule" I added rules like the following (but to user chains that I then added to the input, output and forward chains) to solve my hassles (clipped from the freeswan link above): # allow IPsec # # IKE negotiations iptables -I INPUT -p udp --sport 500 --dport 500 -j ACCEPT iptables -I OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT # ESP encryption and authentication iptables -I INPUT -p 50 -j ACCEPT iptables -I OUTPUT -p 50 -j ACCEPT Good luck.
