Thanks Pete Nesbitt,

I think you are not getting my point.

1) I want to connect to a VPN server which requires IPsec through NAT mode. I think the rule for that is:

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to-source $EXTIP

If I put this rule in the firewall script, I cannot block Yahoo Messenger. I am using Squid, and through Squid I have blocked messengers; that's working fine. The only problem is with Yahoo when I put this rule in the script. If I remove the POSTROUTING rule I am able to block the messenger but cannot connect to the VPN.

Please help me.

Thanks
Nilesh,

--- Pete Nesbitt <pete@xxxxxxxxx> wrote:

> On November 22, 2004 02:50 am, Nilesh wrote:
> > Hello All,
> >
> > I am using Squid proxy and IPtables. I am having some
> > problems configuring the firewall.
> > The problem is the SNAT rule. If I put the rule in the script I am
> > able to connect to the VPN server in the outside world but
> > cannot block Yahoo messengers by Squid; without the SNAT rule
> > I can block the messenger through Squid.
> > I have checked the VPN connection properties; there is a
> > check box "IPsec through NAT mode". If I uncheck it I won't
> > be able to connect.
> >
> > SNAT Rule
> > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
> >
> > Could anyone help to solve my problem?
> > Also I have tried these rules to connect to the VPN
> > but they won't work:
> > # IKE negotiations
> > $IPTABLES -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
> > $IPTABLES -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
> > $IPTABLES -A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
> > # ESP encryption and authentication
> > $IPTABLES -A INPUT -p 50 -j ACCEPT
> > $IPTABLES -A OUTPUT -p 50 -j ACCEPT
> > $IPTABLES -A FORWARD -p 50 -j ACCEPT
> > # uncomment for AH authentication header
> > #$IPTABLES -A INPUT -p 51 -j ACCEPT
> > #$IPTABLES -A OUTPUT -p 51 -j ACCEPT
> >
> > Thanks in advance
> > Nilesh,
>
> Hi Nilesh,
> you're missing part of the string:
> > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
>
> you need "--to-source" not just "--to"
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to-source $EXTIP
>
> --
> Pete Nesbitt, rhce

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list