IPSec through NAT Mode
Nilesh
niluforalways at yahoo.com
Mon Nov 22 10:50:02 UTC 2004
Hello All,
I am using Squid proxy and iptables. I am having some
problems configuring the firewall.
The problem is the SNAT rule. If I put the rule in the script I am
able to connect to the VPN server in the outside world, but I could
not block Yahoo Messenger with Squid; without the SNAT rule
I can block Messenger through Squid.
I have checked the VPN connection properties; there is a
check box "IPsec through NAT mode". If I uncheck it I won't be
able to connect.
SNAT rule:
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
Could anyone help to solve my problem?
Also I have tried these rules to connect the VPN,
but they won't work:
# IKE negotiations (ISAKMP, UDP port 500 on both ends)
$IPTABLES -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
$IPTABLES -A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
# ESP encryption and authentication (IP protocol 50, no ports)
$IPTABLES -A INPUT -p 50 -j ACCEPT
$IPTABLES -A OUTPUT -p 50 -j ACCEPT
$IPTABLES -A FORWARD -p 50 -j ACCEPT
# uncomment for AH authentication header (IP protocol 51)
#$IPTABLES -A INPUT -p 51 -j ACCEPT
#$IPTABLES -A OUTPUT -p 51 -j ACCEPT
Thanks in advance
Nilesh,