On Saturday 09 December 2006 at 15:47 -0800, rabbtux rabbtux wrote:
> Anyone have suggestions for a rule to allow IPsec packets to pass from
> a NATed subnet?? I know linksys, dlink, et al. have a firewall
> checkbox to allow ipsec vpns to work.

IPSEC implies IP protocols 50 (ESP) and sometimes 51 (AH). Therefore, you
have to handle them both.

A (very) quick'n'dirty ESP NAT would be:

    iptables -t nat -A POSTROUTING -p 50 -j MASQUERADE
    iptables -A FORWARD -p 50 -j ACCEPT

Now, just adapt this to your own situation and push some rules with subnet
addresses, input and output interfaces, etc.

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
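The adaptation the reply asks for, written out as an added example (not part of the original message): the same protocol 50 rules scoped to one subnet and one pair of interfaces, with inbound ESP limited to replies. It goes beyond the message by also covering IKE on UDP 500 and NAT traversal on UDP 4500; the function name, interface names and subnet are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Interface names and the
# subnet passed in are hypothetical; substitute your own.

# Print scoped iptables rules that let hosts on one NATed subnet reach
# IPsec peers through this gateway. Review the output, then apply it as
# root with:  ipsec_passthrough_rules eth1 eth0 192.168.1.0/24 | sh
ipsec_passthrough_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3

    # The output is meant to be fed to a shell, so refuse anything that
    # is not a plain interface name or an IPv4 address/prefix.
    for ifname in "$lan_if" "$wan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    # Character and shape check only; iptables validates the numeric ranges.
    case $lan_net in
        ''|*[!0-9./]*|*/*/*) echo "bad subnet: $lan_net" >&2; return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) echo "bad subnet: $lan_net" >&2; return 1 ;;
    esac

    # ESP (IP protocol 50): masquerade only traffic from the LAN subnet
    # leaving by the WAN interface, instead of every ESP packet.
    echo "iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -p 50 -j MASQUERADE"
    # Outbound ESP from the LAN is forwarded ...
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p 50 -j ACCEPT"
    # ... and inbound ESP only as replies to a flow a LAN host started.
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -d $lan_net -p 50 -m conntrack --ctstate ESTABLISHED -j ACCEPT"

    # IKE key exchange (UDP 500) and NAT traversal (UDP 4500), same scoping.
    for port in 500 4500; do
        echo "iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -p udp --dport $port -j MASQUERADE"
        echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p udp --dport $port -j ACCEPT"
        echo "iptables -A FORWARD -i $wan_if -o $lan_if -d $lan_net -p udp --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    done
}
```

The function only prints the rules, so they can be reviewed or diffed against the running set before anything is loaded.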