[Firehol-support] OpenSwan and firehol

Munroe Sollog sollog at digiraticonsulting.com
Fri Mar 13 02:02:34 GMT 2009

Thank you for the help, this rule:

iptables -t nat -I POSTROUTING -s localnet/mask -d remotenet/mask -j RETURN

is supposed to not nat traffic from the localnet to the remotenet.

I will do as you suggest, and play with the iptables rules at the top
of my .conf

- Munroe

On 3/12/09 9:41 PM, Costa Tsaousis wrote:
> Munroe Sollog wrote:
>> I need:
>> iptables -t nat -I POSTROUTING -s localnet/mask -d remotenet/mask -j
> the above line does nothing.
>> iptables -I INPUT -p 50 -j ACCEPT
>> iptables -I OUTPUT -p 50  -j ACCEPT
> in firehol: add this at firehol.conf top:
> server_p50_ports="50/any"
> client_p50_ports="any"
> then in the interface or router you want, add:
> server p50 accept
> or
> client p50 accept
> depending on which is the server or the client.
> I think however that you are going to need more than that. There
> should be one or more tcp or udp ports involved to handshake/control
> the vpn before the actual vpn traffic will begin to flow.
> Keep also in mind that you can add the iptables commands you mention
> at the top of firehol.conf and firehol will activate them before its
> own rules.
> So just add them and try.
> Costa
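An added check (not from the thread): once the exemption line sits at the top of firehol.conf, confirm from an `iptables-save -t nat` dump that the RETURN rule really precedes the masquerading rule, otherwise VPN-bound traffic is NATed before the exemption is ever reached. The subnets and both dumps below are constructed samples.

```sh
#!/bin/sh
# Added example, not part of the original post. Subnets are placeholders.
LOCALNET="192.168.1.0/24"
REMOTENET="10.8.0.0/24"

# Constructed `iptables-save -t nat` output: the exemption was inserted
# with -I, so it comes before the masquerade rule (the wanted state).
GOOD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -d 10.8.0.0/24 -j RETURN
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed dump where the rule ended up after MASQUERADE (e.g. appended
# with -A): traffic to the remote net is still NATed before RETURN applies.
BAD_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -d 10.8.0.0/24 -j RETURN
COMMIT'

# nat_exemption_ok DUMP LOCALNET REMOTENET
# Exit 0 if the RETURN rule for the localnet/remotenet pair appears in
# nat POSTROUTING before any MASQUERADE or SNAT target, 1 otherwise.
nat_exemption_ok() {
    printf '%s\n' "$1" | awk -v src="$2" -v dst="$3" '
        /^-A POSTROUTING/ {
            # literal substring match on the -s/-d values, then the target
            if (index($0, "-s " src " ") && index($0, "-d " dst " ") \
                && $0 ~ /-j RETURN$/) { found = 1; exit }
            if ($0 ~ /-j (MASQUERADE|SNAT)/) { natted = 1; exit }
        }
        END { exit (found && !natted) ? 0 : 1 }'
}

# On a live box: nat_exemption_ok "$(iptables-save -t nat)" "$LOCALNET" "$REMOTENET"
```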
