[Firehol-support] OpenSwan and firehol

Costa Tsaousis costa at tsaousis.gr
Fri Mar 13 02:41:22 CET 2009


Munroe Sollog wrote:
> I need:
>
> iptables -t nat -I POSTROUTING -s localnet/mask -d remotenet/mask -j RETURN
>
The above line does nothing.
> iptables -I INPUT -p 50 -j ACCEPT
> iptables -I OUTPUT -p 50  -j ACCEPT
>
In firehol, add this at the top of firehol.conf:

server_p50_ports="50/any"
client_p50_ports="any"

then in the interface or router you want, add:

server p50 accept

or

client p50 accept

depending on which is the server or the client.

I think however that you are going to need more than that. There should 
be one or more tcp or udp ports involved to handshake/control the vpn 
before the actual vpn traffic will begin to flow.

Keep also in mind that you can add the iptables commands you mention at 
the top of firehol.conf and firehol will activate them before its own rules.
So just add them and try.

Costa
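Putting the advice above together, as an added example that is not from Costa's mail or from the FireHOL project: a minimal firehol.conf for a gateway that terminates an IPsec tunnel. The interface name eth0 and the custom service names p50 and ike are assumptions; the IKE ports (UDP 500, plus UDP 4500 when NAT traversal is used) are the handshake ports the mail says will be needed before ESP traffic flows.

```firehol
# Added example, not the original poster's configuration.
# Assumptions: the VPN peer is reached through eth0, and "p50" and "ike"
# are custom service names defined here rather than FireHOL built-ins.

# Custom service for ESP: IP protocol 50 has no ports, hence "50/any".
server_p50_ports="50/any"
client_p50_ports="any"

# Custom service for the IKE handshake that sets up the tunnel before any
# ESP packets appear: UDP 500, and UDP 4500 when NAT traversal is in use.
# Client-side entries list source ports only; IKE uses the same ports.
server_ike_ports="udp/500 udp/4500"
client_ike_ports="500 4500"

interface eth0 wan
    policy drop
    protection strong
    # "server" matches peers that initiate to this host, "client" matches
    # tunnels this host initiates; a gateway that does both keeps both.
    server ike accept
    client ike accept
    server p50 accept
    client p50 accept
```

If iptables rules must stay exactly as written, they can also be placed above these definitions, since firehol runs commands at the top of the file before its own rules.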
