[Firehol-support] OpenSwan and firehol
Costa Tsaousis
costa at tsaousis.gr
Fri Mar 13 01:41:22 GMT 2009
Munroe Sollog wrote:
> I need:
>
> iptables -t nat -I POSTROUTING -s localnet/mask -d remotenet/mask -j RETURN
>
The above line does nothing.
> iptables -I INPUT -p 50 -j ACCEPT
> iptables -I OUTPUT -p 50 -j ACCEPT
>
In firehol, add this at the top of firehol.conf:
server_p50_ports="50/any"
client_p50_ports="any"
then in the interface or router you want, add:
server p50 accept
or
client p50 accept
depending on which is the server or the client.
I think, however, that you are going to need more than that. There should
be one or more TCP or UDP ports involved to handshake/control the VPN
before the actual VPN traffic will begin to flow.
Also keep in mind that you can add the iptables commands you mention at
the top of firehol.conf, and firehol will activate them before its own rules.
So just add them and try.
Costa
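A complete firehol.conf fragment putting the reply above together (an added example, not from the original thread or the FireHOL project): it uses the server_X_ports/client_X_ports custom-service mechanism shown above for ESP (IP protocol 50) and for IKE, and places the raw iptables NAT exclusion at the top so firehol activates it before its own rules. The interface names, the peer and LAN addresses, and the IKE ports (udp/500, plus udp/4500 when NAT traversal is negotiated) are assumptions to adjust for your own site.

```bash
version 5

# Raw iptables commands placed at the top run before firehol's own rules:
# keep the site-to-site tunnel traffic out of any masquerading.
# (Addresses below are placeholders; replace them with your own.)
local_lan="10.10.0.0/16"     # this site's LAN (assumed)
remote_lan="10.20.0.0/16"    # network behind the remote gateway (assumed)
vpn_peer="192.0.2.10"        # remote IPsec gateway address (assumed)
iptables -t nat -I POSTROUTING -s "${local_lan}" -d "${remote_lan}" -j RETURN

# Custom services, using the mechanism from the reply above.
# ESP is IP protocol 50 and has no ports, hence "50/any".
server_p50_ports="50/any"
client_p50_ports="any"
# IKE key exchange; udp/4500 only matters when NAT traversal is in use (assumed).
server_ike_ports="udp/500 udp/4500"
client_ike_ports="any"

interface eth0 internet
    policy drop
    protection strong
    # Only the known peer may bring the tunnel up or send ESP to this host,
    # and this host may initiate toward that peer.
    server ike accept src "${vpn_peer}"
    server p50 accept src "${vpn_peer}"
    client ike accept dst "${vpn_peer}"
    client p50 accept dst "${vpn_peer}"

interface eth1 lan src "${local_lan}"
    policy drop
    server all accept
    client all accept

# Once decrypted, packets between the two LANs are forwarded like any other
# routed traffic, so they need a router stanza, not an interface rule.
router vpn inface eth0 outface eth1 src "${remote_lan}" dst "${local_lan}"
    route all accept
```

After loading it, `iptables -L INPUT -n` should show the protocol 50 and udp 500/4500 rules restricted to the peer address; if the tunnel still does not come up, the first thing to check is whether the peer negotiates NAT-T (udp/4500) or plain udp/500 only.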