On Sat, 22 Nov 2003, Andrew S. Johnson wrote:
> Has anyone configured iptables/NAT to allow a windows VPN
> client on a private subnet to talk to a VPN server on the internet
> through a Linux box?
>
> It works when connected directly to the DSL modem, but I haven't
> gotten it to work otherwise.
>
> Andy Johnson
We do this at work with iptables, but not with NAT, so I don't know
if this will help, but...
You have to allow protocols 50 & 51 and udp port 500.
Here is an example of how we have it setup, but with out NAT:
$IPT -A FORWARD -p 50 -s xxx.xxx.xxx.xxx -d xxx.xxx.xxx.xxx -j ACCEPT
$IPT -A FORWARD -p 50 -d xxx.xxx.xxx.xxx -s xxx.xxx.xxx.xxx -j ACCEPT
$IPT -A FORWARD -p 51 -s xxx.xxx.xxx.xxx -d xxx.xxx.xxx.xxx -j ACCEPT
$IPT -A FORWARD -p 51 -d xxx.xxx.xxx.xxx -s xxx.xxx.xxx.xxx -j ACCEPT
$IPT -A FORWARD -p udp -s xxx.xxx.xxx.xxx -d xxx.xxx.xxx.xxx --sport 500 --dport 500 -j ACCEPT
$IPT -A FORWARD -p udp -d xxx.xxx.xxx.xxx -s xxx.xxx.xxx.xxx --sport 500 --dport 500 -j ACCEPT
I'm not 100% sure about the order of these, the port 500 might have
to be above the protocols.
BB
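Added example, not part of BB's or Andy's posts: the same allow-list, but written for the NAT case Andy asked about. Everything named in it is an assumption for illustration: the interface names eth0/eth1, the 192.168.1.0/24 subnet, the path in $IPT, the helper names run, ipsec_passthrough_rules and rule_count, and the APPLY switch. Two things the rules above leave out that start to matter once NAT is in the path: a Windows client that detects a NAT moves IKE and the ESP payload to UDP 4500 (NAT-T, RFC 3947/3948), so that port has to be forwarded as well, and AH (protocol 51) cannot cross NAT at all, because it authenticates the outer IP header that MASQUERADE rewrites. On the ordering question: among ACCEPT rules the order does not matter, since the first matching rule decides; what matters is that all of them sit above whatever DROP or REJECT the FORWARD chain ends with. One more caveat for raw ESP: it has no port numbers, so the kernel's generic connection tracking can only keep one ESP flow per VPN server from behind a single NATed address; a second client to the same server needs NAT-T.

```shell
#!/bin/sh
# Added example, not from the original post: IPsec (IKE + ESP) pass-through
# for a Linux NAT gateway. All names below are assumptions for illustration.
IPT="${IPT:-/sbin/iptables}"          # assumed path to iptables
LAN_IF="${LAN_IF:-eth1}"              # assumed: interface on the private subnet
WAN_IF="${WAN_IF:-eth0}"              # assumed: interface facing the DSL modem
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # constructed private subnet for the example

# Without APPLY=1 the rules are only printed, so the script can be reviewed
# (and tested) on any machine without root or a live firewall.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

ipsec_passthrough_rules() {
    # Outbound from the LAN only. IKE negotiates on UDP 500; when either
    # side detects a NAT in the path (RFC 3947), IKE and the ESP payload
    # move to UDP 4500 (NAT-T, RFC 3948). Raw ESP (protocol 50) is kept for
    # peers that do not use NAT-T. AH (protocol 51) is deliberately omitted:
    # it authenticates the outer IP header, which NAT rewrites.
    run "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 500 -j ACCEPT
    run "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 4500 -j ACCEPT
    run "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p esp -j ACCEPT
    # Replies from the VPN server: accept only packets that connection
    # tracking ties to a flow the LAN client opened, nothing unsolicited.
    # Generic conntrack tracks ESP by addresses and protocol only, which is
    # why a single ESP flow per server works here but two clients do not.
    run "$IPT" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Source NAT for the private subnet on its way out the DSL link. These
    # rules must be appended before any final DROP/REJECT in FORWARD, since
    # the first matching rule decides.
    run "$IPT" -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Number of rules the function emits, used to sanity-check the rule set.
rule_count() {
    (APPLY=0; ipsec_passthrough_rules) | wc -l | tr -d ' '
}

# Default invocation prints the rules; APPLY=1 ./script.sh applies them.
ipsec_passthrough_rules
```

Run it once without APPLY to review the five rules it would install, then with APPLY=1 as root. The forward rules are keyed on interface and source subnet rather than on fixed peer addresses, so the same set works whichever VPN server the client dials, at the cost of letting any LAN host start an IPsec session outward; pin -d to the server address if that is not wanted.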
___________________
Nolug mailing list
nolug@nolug.org
Received on 11/23/03
This archive was generated by hypermail 2.2.0 : 12/19/08 EST