[Firehol-support] OpenSwan and firehol
costa at tsaousis.gr
Fri Mar 13 01:41:22 GMT 2009
Munroe Sollog wrote:
> I need:
> iptables -t nat -I POSTROUTING -s localnet/mask -d remotenet/mask -j RETURN
The above line does nothing.
> iptables -I INPUT -p 50 -j ACCEPT
> iptables -I OUTPUT -p 50 -j ACCEPT
In firehol: add this at firehol.conf top:
Then in the interface or router you want, add:
server p50 accept
client p50 accept
depending on which is the server or the client.
I think, however, that you are going to need more than that. There should
be one or more TCP or UDP ports involved to handshake/control the VPN
before the actual VPN traffic will begin to flow.
Keep also in mind that you can add the iptables commands you mention at
the top of firehol.conf and firehol will activate them before its own rules.
So just add them and try.