[Openswan Users] anything wrong with these iptables?

Ryan McLeod r.mcleod20 at gmail.com
Thu Jul 15 10:17:11 EDT 2010

I'm having some minor problems when a VPN re-establishes after one of the
VPN devices is rebooted. It's an ASA to Openswan setup. I just want to know
if these iptables settings are proper.

$IPTABLES -A INPUT -p udp  --dport 500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp  --dport 500 -j ACCEPT
$IPTABLES -A INPUT -p udp  --dport 4500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp  --dport 4500 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i eth0 -p esp -j MARK --set-mark 1
$IPTABLES -A FORWARD -i eth0 -m mark --mark 1 -d <> -j ACCEPT

eth0 is the NIC going to the ASA and is the network on the
inside of the ASA.
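The rules quoted above cover the IKE and NAT-T UDP ports and use a packet mark to let decrypted traffic through FORWARD, but they never accept ESP itself (IP protocol 50, which is not UDP), and a mark set on anything arriving as ESP says nothing about which cleartext packets actually came out of the tunnel. The following is an added example, not the poster's ruleset and not Openswan's own configuration: a complete rule set for the same ASA-to-Openswan situation that matches decrypted and to-be-encrypted traffic with the `policy` match instead of a mark. `eth0` is taken from the post; `REMOTE_NET`, `LOCAL_NET` and the `ipsec_rules` function are placeholders chosen for this example. Run it with `IPTABLES=echo` to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example: a complete iptables policy for an ESP tunnel to an IPsec peer.
# Assumptions (not from the original post): REMOTE_NET is the network behind
# the ASA, LOCAL_NET is the network behind this Openswan host, and the peer is
# reached over PEER_IF (eth0 in the post). Set IPTABLES=echo to dry-run.
IPTABLES="${IPTABLES:-iptables}"
PEER_IF="${PEER_IF:-eth0}"
REMOTE_NET="${REMOTE_NET:-192.0.2.0/24}"     # placeholder: network inside the ASA
LOCAL_NET="${LOCAL_NET:-198.51.100.0/24}"    # placeholder: network behind this host

ipsec_rules() {
    # IKE (500) and NAT-T (4500). Only the destination port is matched:
    # a peer behind NAT may reach us with a translated source port.
    for port in 500 4500; do
        $IPTABLES -A INPUT  -i "$PEER_IF" -p udp --dport "$port" -j ACCEPT
        $IPTABLES -A OUTPUT -o "$PEER_IF" -p udp --dport "$port" -j ACCEPT
    done

    # ESP is IP protocol 50, not a UDP port, so the rules above never match it.
    # Without these two rules the tunnel negotiates but carries no traffic.
    $IPTABLES -A INPUT  -i "$PEER_IF" -p esp -j ACCEPT
    $IPTABLES -A OUTPUT -o "$PEER_IF" -p esp -j ACCEPT

    # Decrypted packets re-enter the filter chains as cleartext. Matching on
    # the IPsec policy ties the accept to the SA the packet was decrypted by,
    # which a plain packet arriving on PEER_IF cannot fake.
    $IPTABLES -A FORWARD -i "$PEER_IF" \
        -m policy --dir in --pol ipsec --proto esp \
        -s "$REMOTE_NET" -d "$LOCAL_NET" -j ACCEPT

    # Return path: cleartext leaving towards the peer that the kernel will
    # encrypt. The poster's rules have no equivalent of this direction.
    $IPTABLES -A FORWARD -o "$PEER_IF" \
        -m policy --dir out --pol ipsec --proto esp \
        -s "$LOCAL_NET" -d "$REMOTE_NET" -j ACCEPT

    # Anti-spoofing: anything claiming to come from the remote network that
    # was NOT decrypted from the tunnel is dropped, not forwarded.
    $IPTABLES -A FORWARD -i "$PEER_IF" \
        -m policy --dir in --pol none \
        -s "$REMOTE_NET" -j DROP
}

# Only apply when explicitly asked, so sourcing the file is side-effect free.
if [ "${1:-}" = "apply" ]; then
    ipsec_rules
fi
```

Usage: `IPTABLES=echo sh ipsec-rules.sh apply` prints the rules for review; `sh ipsec-rules.sh apply` as root installs them. The `policy` match needs the netkey (XFRM) IPsec stack, which is where a mark set in PREROUTING on the ESP packet was historically the workaround before `-m policy` existed; with KLIPS the decrypted packets appear on an `ipsecN` interface instead and are matched by `-i ipsec0`.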

