[Openswan Users] anything wrong with these iptables?

Ryan McLeod r.mcleod20 at gmail.com
Thu Jul 15 10:17:11 EDT 2010


I'm having some minor problems when a VPN re-establishes after one of the
VPN devices is rebooted. It's an ASA to Openswan setup. I just want to know
if these iptables settings are proper.

$IPTABLES -A INPUT -p udp  --dport 500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp  --dport 500 -j ACCEPT
$IPTABLES -A INPUT -p udp  --dport 4500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp  --dport 4500 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i eth0 -p esp -j MARK --set-mark 1
$IPTABLES -A FORWARD -i eth0 -m mark --mark 1 -d 192.168.1.0/24 -j ACCEPT


eth0 is the NIC going to the ASA and 192.168.1.0/24 is the network on the
inside of the ASA.

Thanks,

Ryan
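Added example, not from the post or from Openswan: a small POSIX shell check that lints a rule list like the one above for the traffic classes an IPsec gateway's filter table has to admit (IKE on udp/500, NAT-T on udp/4500, and ESP itself, IP protocol 50). It assumes the filter table's default policy is DROP, so anything without an ACCEPT rule is blocked, and uses the posted rules as a constructed sample with $IPTABLES expanded.

```shell
#!/bin/sh
# Lint an iptables rule list for the traffic an IPsec gateway must admit.
# Assumption: default policy DROP on INPUT/OUTPUT, so missing ACCEPT = blocked.

# Constructed sample: the rule set from the post, with $IPTABLES expanded.
POSTED_RULES='iptables -A INPUT -p udp  --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp  --dport 500 -j ACCEPT
iptables -A INPUT -p udp  --dport 4500 -j ACCEPT
iptables -A OUTPUT -p udp  --dport 4500 -j ACCEPT
iptables -t mangle -A PREROUTING -i eth0 -p esp -j MARK --set-mark 1
iptables -A FORWARD -i eth0 -m mark --mark 1 -d 192.168.1.0/24 -j ACCEPT'

# has_rule RULES CHAIN PATTERN: succeed if a filter-table rule appended to
# CHAIN contains PATTERN. Runs of spaces are squeezed first so spacing does
# not matter; mangle-table rules (the MARK rule) are ignored, since marking
# a packet does not accept it.
has_rule() {
    printf '%s\n' "$1" | tr -s ' ' | grep -v -- '-t mangle' \
        | grep -- "-A $2 " | grep -q -- "$3"
}

# ipsec_gaps RULES: print one line per required traffic class that has no
# ACCEPT rule; exit status 0 only when nothing is missing.
ipsec_gaps() {
    missing=0
    has_rule "$1" INPUT  '-p udp --dport 500 '  || { echo 'INPUT: IKE udp/500';        missing=1; }
    has_rule "$1" INPUT  '-p udp --dport 4500 ' || { echo 'INPUT: NAT-T udp/4500';     missing=1; }
    has_rule "$1" INPUT  '-p esp '              || { echo 'INPUT: ESP (IP proto 50)';  missing=1; }
    has_rule "$1" OUTPUT '-p esp '              || { echo 'OUTPUT: ESP (IP proto 50)'; missing=1; }
    return $missing
}

# Run against the posted sample; the "||" keeps the script from aborting
# under "set -e" when gaps are reported.
ipsec_gaps "$POSTED_RULES" || echo 'rule set is missing the classes listed above'
```

To check a live box instead of the sample, feed it the output of iptables-save (after the filter-table header) in the same one-rule-per-line form.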