On November 22, 2004 02:50 am, Nilesh wrote:
> Hello All,
>
> I am using Squid proxy and IPtables. I am having some
> problems to configure firewall.
> The problem is SNAT rule. If I put rule in script I am
> able to connect VPN server at outside world but could
> not block yahoo messengers by squid. Without SNAT rule
> I can block messenger through squid.
> I have checked VPN connection properties, there is
> check box IPsec through NAT mode. If I uncheck I won't
> be able to connect.
> SNAT Rule
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
>
> Could anyone help to solve my problem?
> Also I have tried these rules to connect VPN
> but they won't work.
> # IKE negotiations
> $IPTABLES -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
> $IPTABLES -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
> $IPTABLES -A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
> # ESP encryption and authentication
> $IPTABLES -A INPUT -p 50 -j ACCEPT
> $IPTABLES -A OUTPUT -p 50 -j ACCEPT
> $IPTABLES -A FORWARD -p 50 -j ACCEPT
> # uncomment for AH authentication header
> #$IPTABLES -A INPUT -p 51 -j ACCEPT
> #$IPTABLES -A OUTPUT -p 51 -j ACCEPT
>
> Thanks in advance
> Nilesh,
>

Hi Nilesh,
you're missing part of the string:

> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP

You need "--to-source", not just "--to":

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to-source $EXTIP

--
Pete Nesbitt, rhce

--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list