[Openswan Users] Iptables 2.4 Kernel

Tomasz Grzelak tgrzelak at wktpolska.com.pl
Wed Dec 29 09:20:56 CET 2004


On Tue, 28 December 2004 20:52, Stefan Leippert wrote:
> Hello all !
> I am testing the Redwall Firewall (Kernel 2.4) which has openswan
> installed.
>
>
> The connection works, I have an established ISAKMP and there are
> encapsulated packets with NAT-T. Ethereal says, that the packets are
> encapsulated in UDP.
>
> Problem:
> I can't reach any service on the gateway.
>
> I think I have to make some changes in my iptables script. Currently I have
> opened ports 500 and 4500 on the gateway. The gateway has two NICs, eth0 to
> the LAN and eth1 to the ADSL modem. After the ISAKMP SA is established there is
> another interface "ipsec0".
> I can't ping or reach any other service on the gateway or in the LAN. Do I
> need special rules for iptables and the interface "ipsec0"?

I don't know too much about IPsec in kernel 2.4, 'cause I use native 2.6, but
if you have an 'ipsec0' interface you should also set rules for that
interface in the iptables script. You should let through UDP [500, 4500], and also the
ESP protocol (50; see cat /etc/protocols), for example:

(I assume UDP has been accepted)
iptables -A INPUT -i ipsec0 -p esp -j ACCEPT
iptables -A OUTPUT -o ipsec0 -p esp -j ACCEPT
(this above would be enough in the most simple case)

Maybe it will help you.

Regards!
Tom
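A fuller version of the firewall script sketched above, written as an added example for this thread; it is not code from either poster, from Openswan or from Redwall. It keeps the interface names from Stefan's description (eth0 = LAN, eth1 = ADSL, ipsec0 = the KLIPS tunnel interface) and assumes two private subnets (192.168.1.0/24 locally, 192.168.2.0/24 behind the peer) that are constructed for the example. The practitioner's check it encodes: with KLIPS, IKE (UDP 500), NAT-T (UDP 4500) and ESP (protocol 50) all arrive on the physical eth1, while ipsec0 only ever carries the decrypted tunnel traffic, so services on the gateway need ordinary TCP/UDP/ICMP rules on ipsec0 and LAN hosts need FORWARD rules between ipsec0 and eth0. Without an argument the script only prints the rules; `sh script.sh apply` runs iptables for real.

```shell
#!/bin/sh
# Added example: iptables rules for an Openswan/KLIPS gateway on a 2.4 kernel.
# Interfaces follow the thread; the subnets are constructed for this example.
WAN=eth1                   # ADSL side: ESP/UDP 500/UDP 4500 arrive here
LAN=eth0                   # local network
IPSEC=ipsec0               # KLIPS virtual interface: decrypted packets only
LAN_NET=192.168.1.0/24     # assumed subnet behind eth0
REMOTE_NET=192.168.2.0/24  # assumed subnet on the far end of the tunnel

# Emit the rule set through the command given as $1: "iptables" applies the
# rules, "echo" prints them one per line so they can be reviewed or grepped.
ipsec_firewall() {
    IPT=${1:-echo}

    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F INPUT
    $IPT -F FORWARD

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 1. Encrypted side. IKE, NAT-T and ESP are seen on the physical WAN
    #    interface, never on ipsec0. ESP is protocol 50; AH (51) is not used.
    $IPT -A INPUT -i $WAN -p udp --dport 500 -j ACCEPT
    $IPT -A INPUT -i $WAN -p udp --dport 4500 -j ACCEPT
    $IPT -A INPUT -i $WAN -p esp -j ACCEPT

    # 2. Plaintext side. After KLIPS decrypts a packet it re-enters the
    #    stack on ipsec0 as plain ICMP/TCP/UDP, so services on the gateway
    #    need normal rules here. Matching the remote subnet as source keeps
    #    a misconfigured peer from reaching the gateway with any address.
    $IPT -A INPUT -i $IPSEC -s $REMOTE_NET -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A INPUT -i $IPSEC -s $REMOTE_NET -p tcp --dport 22 -j ACCEPT

    # 3. LAN hosts behind eth0 are reached through FORWARD, in both directions.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i $IPSEC -o $LAN -s $REMOTE_NET -d $LAN_NET -j ACCEPT
    $IPT -A FORWARD -i $LAN -o $IPSEC -s $LAN_NET -d $REMOTE_NET -j ACCEPT

    # 4. Leak guard: traffic for the remote subnet must leave via ipsec0.
    #    If the tunnel is down, these rules stop it going out in clear on eth1.
    $IPT -A FORWARD -o $WAN -d $REMOTE_NET -j DROP
    $IPT -A OUTPUT -o $WAN -d $REMOTE_NET -j DROP
}

# Default is a dry run that prints the rules; "apply" runs iptables for real.
case "${1:-}" in
    apply) ipsec_firewall iptables ;;
    *)     ipsec_firewall echo ;;
esac
```

Check the result on the gateway with `iptables -L -v -n` and watch the packet counters on the ipsec0 rules while pinging from the far side: if the counters on the eth1 ESP rule rise but the ipsec0 counters stay at zero, the tunnel is up but the plaintext rules do not match what arrives (wrong remote subnet, or the policy is routing through a different ipsecN device).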

