As far as I know, you would not need anything on the Linux box. It will all depend on whether the clients and server IPSEC implementation support IPSEC NAT T(raversal). Microsofts IPSEC implementation does. But has some drawbacks. -----Original Message----- From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of John Mok Sent: 07 April 2005 19:50 To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Linux firewall + NAT Traversal + IPsec Hi, I'm new to Linux. Is it possible make a Linux box with firewall + NAT, such that client PC(s) from the NATed internal network could connect to a VPN gateway on the Internet :- client PC ----- Linux iptables firewall + NAT ---- Internet ---- IPsec VPN gateway 192.168.x.x/16 (e.g. Checkpoint FW-1) (VPN client) I hope someone could help to advise what software / kernel patch is required on the Linux box to NAT traversal work and where to get the HOWTO(s)? Thanks a lot. John Mok
