[Openswan Users] anything wrong with these iptables?
Tuomo Soini
tis at foobar.fi
Mon Jul 19 05:32:16 EDT 2010
Paul Wouters wrote:
> On Thu, 15 Jul 2010, Ryan McLeod wrote:
>
>> I'm having some minor problems when a vpn re-establishes after one of the vpn devices is rebooted. It's an ASA to openswan setup. I just
>> want to know if these iptables settings are proper.
>>
>> $IPTABLES -A INPUT -p udp --dport 500 -j ACCEPT
>>
>> $IPTABLES -A OUTPUT -p udp --dport 500 -j ACCEPT
>> $IPTABLES -A INPUT -p udp --dport 4500 -j ACCEPT
>> $IPTABLES -A OUTPUT -p udp --dport 4500 -j ACCEPT
>
> This is not complete. The 4500 connection usually comes in from a random high port
>
> $IPTABLES -A OUTPUT -p udp --sport 4500 -j ACCEPT
And for NAT-T, the initial NAT-T connection to UDP 500 comes from a random high
port too...
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
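Added example (mine, not code from the thread): a dry-run matcher that replays the poster's four rules and the corrected set against the packets an IKE/NAT-T exchange actually produces, with $IPTABLES pointed at a recording function instead of the real binary. The peer's high source ports are constructed values, and the ESP rules go one step beyond the replies, since the tunnel's data packets must also pass the firewall.

```shell
# Dry-run matcher: $IPTABLES records rules as "CHAIN proto sport dport" instead
# of loading them into the kernel ("any" = port not specified in the rule).
IPTABLES=record_rule
RULES=""
record_rule() {
  chain=$2; shift 2; proto=""; sport=any; dport=any
  while [ $# -gt 0 ]; do
    case $1 in
      -p) proto=$2; shift ;;
      --sport) sport=$2; shift ;;
      --dport) dport=$2; shift ;;
    esac
    shift
  done
  RULES="$RULES
$chain $proto $sport $dport"
}
# accepts CHAIN proto sport dport: 0 when some recorded rule matches the packet
accepts() {
  printf '%s\n' "$RULES" | {
    while read -r c p s d; do
      [ "$c" = "$1" ] && [ "$p" = "$2" ] && { [ "$s" = any ] || [ "$s" = "$3" ]; } \
        && { [ "$d" = any ] || [ "$d" = "$4" ]; } && exit 0
    done
    exit 1
  }
}
original_rules() {       # the four rules from the post
  RULES=""
  $IPTABLES -A INPUT  -p udp --dport 500  -j ACCEPT
  $IPTABLES -A OUTPUT -p udp --dport 500  -j ACCEPT
  $IPTABLES -A INPUT  -p udp --dport 4500 -j ACCEPT
  $IPTABLES -A OUTPUT -p udp --dport 4500 -j ACCEPT
}
fixed_rules() {          # plus the --sport rules the replies call for, and ESP (my addition)
  original_rules
  $IPTABLES -A OUTPUT -p udp --sport 500  -j ACCEPT
  $IPTABLES -A OUTPUT -p udp --sport 4500 -j ACCEPT
  $IPTABLES -A INPUT  -p esp -j ACCEPT
  $IPTABLES -A OUTPUT -p esp -j ACCEPT
}
# Peer initiates from random high ports (constructed values); we reply from
# port 500, then from 4500 once NAT-T kicks in, then ESP flows both ways.
exchange_ok() {
  accepts INPUT udp 43210 500 && accepts OUTPUT udp 500 43210 &&
  accepts INPUT udp 43211 4500 && accepts OUTPUT udp 4500 43211 &&
  accepts INPUT esp any any && accepts OUTPUT esp any any
}
original_rules; exchange_ok && echo "original: ok" || echo "original: replies blocked"
fixed_rules;    exchange_ok && echo "fixed: ok"    || echo "fixed: blocked"
```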