[Firehol-support] OpenSwan and firehol

Munroe Sollog sollog at digiraticonsulting.com
Fri Mar 13 02:02:34 GMT 2009


Thank you for the help. This rule:

iptables -t nat -I POSTROUTING -s localnet/mask -d remotenet/mask -j RETURN

is supposed to not NAT traffic from the localnet to the remotenet.

I will do as you suggest, and play with the iptables rules at the top
of my .conf

- Munroe

On 3/12/09 9:41 PM, Costa Tsaousis wrote:
> Munroe Sollog wrote:
>> I need:
>>
>> iptables -t nat -I POSTROUTING -s localnet/mask -d remotenet/mask -j RETURN
>>   
> the above line does nothing.
>> iptables -I INPUT -p 50 -j ACCEPT
>> iptables -I OUTPUT -p 50  -j ACCEPT
>>   
> in firehol: add this at firehol.conf top:
>
> server_p50_ports="50/any"
> client_p50_ports="any"
>
> then in the interface or router you want, add:
>
> server p50 accept
>
> or
>
> client p50 accept
>
> depending on which is the server or the client.
>
> I think however that you are going to need more than that. There
> should be one or more tcp or udp ports involved to handshake/control
> the vpn before the actual vpn traffic will begin to flow.
>
> Keep also in mind that you can add the iptables commands you mention
> at the top of firehol.conf and firehol will activate them before its
> own rules.
> So just add them and try.
>
> Costa
>
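The rules discussed above, as an added example that is not part of the thread or of firehol: a small POSIX shell script that prints, in the order they have to be installed, the raw iptables commands an IPsec gateway needs so that site-to-site traffic skips MASQUERADE while IKE and ESP still reach the local daemon. The printed commands can be pasted at the top of firehol.conf, where firehol runs them before its own rules. The IKE ports (UDP 500, and UDP 4500 for NAT-T) are my addition; the thread only says that some tcp or udp ports are involved. The networks and interface name are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the thread): emit the iptables rules for an IPsec
# gateway as a dry run, so the ordering can be checked before applying them.
# Assumptions (mine, not the thread's): IKE on UDP 500, NAT-T on UDP 4500;
# sample networks and the interface name are constructed.

ipsec_rules() {
    localnet=$1   # e.g. 192.168.1.0/24
    remotenet=$2  # e.g. 10.8.0.0/24
    wan=$3        # e.g. eth0

    # 1. NAT exemption. -I puts the RETURN at position 1 of POSTROUTING, so it
    #    is matched before any MASQUERADE appended later: packets between the
    #    two private nets leave with their real source address, which the
    #    tunnel policy on both sides expects.
    echo "iptables -t nat -I POSTROUTING -s $localnet -d $remotenet -j RETURN"

    # 2. Everything else from localnet leaving via the WAN interface is NATed.
    echo "iptables -t nat -A POSTROUTING -s $localnet -o $wan -j MASQUERADE"

    # 3. IKE (UDP 500) and NAT-T (UDP 4500) terminate on this host, so they
    #    belong in INPUT/OUTPUT, not FORWARD.
    for port in 500 4500; do
        echo "iptables -I INPUT  -i $wan -p udp --dport $port -j ACCEPT"
        echo "iptables -I OUTPUT -o $wan -p udp --sport $port -j ACCEPT"
    done

    # 4. ESP (IP protocol 50) carries the encrypted payload.
    echo "iptables -I INPUT  -i $wan -p 50 -j ACCEPT"
    echo "iptables -I OUTPUT -o $wan -p 50 -j ACCEPT"
}

# 1-based index of the first line of $2 matching pattern $1; 0 when absent.
line_of() {
    n=$(printf '%s\n' "$2" | grep -n -e "$1" | head -n 1 | cut -d: -f1)
    echo "${n:-0}"
}

# Returns success only if the RETURN exemption precedes MASQUERADE.
check_order() {
    rules=$(ipsec_rules "$1" "$2" "$3")
    ret=$(line_of 'RETURN' "$rules")
    masq=$(line_of 'MASQUERADE' "$rules")
    [ "$ret" -gt 0 ] && [ "$masq" -gt 0 ] && [ "$ret" -lt "$masq" ]
}

# Dry run with constructed sample values; pipe the output to `sh` as root to apply.
ipsec_rules 192.168.1.0/24 10.8.0.0/24 eth0
```

Running the script prints the eight commands without touching the firewall; `check_order` is the one check worth keeping, since a MASQUERADE that ends up ahead of the RETURN silently rewrites the tunnel traffic's source address and the remote side then drops it as not matching its policy.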