It depends on the type of VPN you are using.

IPSec based VPNs typically use:
UDP 500 - IPSec negotiation
IP 51 - Authentication Header (AH) for IPSec negotiation
IP 50 - IPSec data

PPTP based VPNs typically use:
IP 47 - General Routing Encapsulation (GRE) PPTP data channel
TCP 1723 - PPTP control channel

You are going to want to figure out which type of VPN you are using and allow for those ports. I would assume that, since you're getting authentication requests with port 500 open; however, your TCP 500 causes me to wonder what type of VPN you have.

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Eduardo Ukstin
Sent: Wednesday, January 04, 2006 3:18 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: VPN rules

Hi,

I'm trying to configure a subnet in my network to access a VPN outside here. The VPN uses port 500, but the forward rules don't seem to work. My rule was this:

iptables -A INPUT -i eth1 -p tcp -s xx.xx.xx.xx/24 --dport 500 -j ACCEPT

(after an established,related rule)

and

iptables -A FORWARD -i eth1 -s xx.xx.xx.xx/24 -p tcp --dport 500 -j ACCEPT

(also after an established,related rule)

I think it's enough, and sometimes the stations could connect very well, but now the VPN client starts the connection and, after the user and password request, it starts to try a reconnection.

I read something about protocol 47 (option -p 47). Do I need to use it? Do I need some special patch in iptables, or what?

Thanks a lot

--
Eduardo Ukstin
GNU/Linux User #328388
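As an added example for the port list in the reply above (not code from either poster), the following POSIX shell script emits the iptables rules a Linux gateway needs for each VPN type, opening INPUT and FORWARD for the inside subnet the way the original rules tried to, but with the protocol numbers matched instead of a TCP port. The names vpn_rules, allow_out, LAN_IF and LAN_NET are this example's own, the subnet is a placeholder, and it also covers UDP/4500 (IPsec NAT-T), which the thread does not mention.

```shell
#!/bin/sh
# Added example (not code from the thread): generate the iptables rules a Linux
# gateway needs so an inside subnet can reach an external VPN, matching the
# protocol each VPN type really uses. vpn_rules, allow_out, LAN_IF and LAN_NET
# are names chosen for this example; the subnet is a placeholder.
# Set IPTABLES=echo to print the rules instead of applying them.
IPTABLES="${IPTABLES:-iptables}"
LAN_IF="${LAN_IF:-eth1}"              # inside interface, as in the original post
LAN_NET="${LAN_NET:-192.0.2.0/24}"    # inside subnet (RFC 5737 placeholder)

# Append one ACCEPT rule to INPUT (gateway runs the client itself) and to
# FORWARD (stations on the subnet go through the gateway). $1 = extra match,
# e.g. "-p udp --dport 500". Replies come back through the poster's existing
# ESTABLISHED,RELATED rule, so only the outbound direction is opened here.
allow_out() {
    for chain in INPUT FORWARD; do
        # $1 is intentionally left unquoted so it word-splits into arguments
        "$IPTABLES" -A "$chain" -i "$LAN_IF" -s "$LAN_NET" $1 -j ACCEPT
    done
}

# vpn_rules ipsec|pptp
vpn_rules() {
    case "$1" in
    ipsec)
        allow_out "-p udp --dport 500"   # IKE: UDP/500, not TCP/500 (the post's bug)
        allow_out "-p udp --dport 4500"  # NAT-T; not in the thread, needed behind NAT
        allow_out "-p 50"                # ESP: IP protocol 50, carries no ports
        allow_out "-p 51"                # AH:  IP protocol 51, carries no ports
        ;;
    pptp)
        allow_out "-p tcp --dport 1723"  # PPTP control channel
        allow_out "-p 47"                # GRE data channel, IP protocol 47
        # Several PPTP clients behind NAT also need the nf_conntrack_pptp /
        # nf_nat_pptp helper modules so GRE is tracked per session.
        ;;
    *)
        echo "usage: vpn_rules ipsec|pptp" >&2
        return 2
        ;;
    esac
}
```

Run it as `IPTABLES=echo sh vpn_rules.sh` style dry run first (or call `vpn_rules ipsec` after sourcing it) and compare the printed rules with the TCP/500 rules in the original post.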