On 04/29/2007 09:06:44 AM, Neil Aggarwal - neil@xxxxxxxxxxxxxxxxxx wrote: > Jim: > > > Maybe you could use SNAT to make the packets appear > > to come from the firewall, then they ought to come back. > > How do I set up the SNAT rule? > This will make the packet look like it came from the firewall: /sbin/iptables -t nat -I POSTROUTING -o eth1 -d $LINKSYS_VPN_IP \ -p tcp --dport 1723 -j SNAT --to-source 192.168.1.1 (where 192.168.1.1 is the ip address of the firewall on eth1 side) If postrouting still has a default drop policy etc. then this rule must be found before the accept rule, that is why it has -I, to put it first. HTH -- Jim Laurino nfcan.x.jimlaur@xxxxxxxx Please reply to the list. Only mail from the listserver reaches this address.
