[Openswan Users] Firewall, Routing and Tunneling between public networks

Jai Rangi jprangi at gmail.com
Tue Oct 2 10:45:27 EDT 2007

Thank you Peter,
That's what I though. I will double check my configuration and will try


On 10/2/07, Peter McGill <petermcgill at goco.net> wrote:
>  First method should work, and work easier because there is no NAT
> (Network Address Translation) to worry about.
> No reason the FORWARD rules wouldn't work on Public IPs, I don't think
> they care at all what IP you give.
> Make sure you don't use MASQUERADE, SNAT or DNAT rules.
> -A adds the rules to the end of the chain, are there any earlier rules
> that might block the public traffic?
> iptables -t filter -n -v -L
> iptables -t nat -n -v -L
> iptables -t mangle -n -v -L
> Will show you all your firewall rule details.
> Peter McGill
>  ------------------------------
> *From:* users-bounces at openswan.org [mailto:users-bounces at openswan.org] *On
> Behalf Of *Jai Rangi
> *Sent:* October 2, 2007 2:56 AM
> *To:* users at openswan.org
> *Subject:* [Openswan Users] Firewall,Routing and Tunneling between public
> networks
> Hello List,
> I am trying to set up a linux server as a router/firewall and set up a SIP
> tunneling between two public networks.
> My Diagram will be something like this
> Internet <-----> Linux Router <--------------> My Internal Network with
> Public IPs.
> Say My Network IPs are
> I tried this setup.
> Internet <----> (ExtIP <- Default Gateway -> Internal IP)
> <------> My Servers connected through a switch with IPs
> with Default Gateway
> This set up did not work.
> If I do this
> Internet <----> (ExtIP <- Default Gateway -> Internal IP)
> <------> My Servers connected through a switch with IPs
> with Default Gateway
> I can go out through ip forwarding like this...
> iptables -P FORWARD DROP
> iptables -A FORWARD -s ${HUB_LAN} -j ACCEPT
> iptables -A FORWARD -d ${HUB_LAN} -j ACCEPT
> These rules does not work with public IPs.
> My Other Questions are
> 1. Can I use racoon for SIP tunneling, is there any limit on number of
> sessions. Bought a juniper router and found out that the router supports on
> 16 channels. I need to support at least 400 SIP channels.
> 2. I have seen a lot of documentation of setting up Masquarding and IP
> Forwarding. I made it work but that does not solve my purpose. I need to
> assign Public IP to the my machines behind the router so that outside world
> can access those machines through router directly.
> 3. I need to have tunneling with one service provider for network
> For rest of the world I want the traffic to go through
> the router without any modification. I might want to add some firewall rules
> later for some specific port.
> I will appreciate if some one can give me some lead on how can I achieve
> this.
> Thank you,
> JP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20071002/4bdd56e9/attachment.html 

More information about the Users mailing list