You also want to make sure that you aren't trying to NAT packets that your ipsec server has already applied a header to. This will mangle the auth header used to authenticate traffic between the two gateways. Can you diagram your network?

    iptables -A INPUT -p 51 -i $IFACE -j ACCEPT -s $CLIENT/SERVER

should work... Also, you want to allow protocol 50 as well.... and port 500 for IKE (Internet Key Exchange proto)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nate Eldredge
Sent: Monday, February 25, 2002 4:13 PM
To: Charles Stack
Cc: [EMAIL PROTECTED]
Subject: Re: ipsec and iptables

Charles Stack writes:
> We're trying to connect an ipsec client to an ipsec server through an
> iptables-based firewall.
> It seems that the firewall is blocking protocol 50 traffic.
>
> Is it possible to get this traffic to pass through cleanly?
> If so, how?

Haven't tested this, but did you try

    iptables -p 50 -j ACCEPT

?

--
Nate Eldredge
[EMAIL PROTECTED]
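
Added example, not part of the thread: a shell function that prints the rule set the reply describes (ESP protocol 50, AH protocol 51, IKE on UDP port 500, and a NAT exemption for AH) so it can be reviewed before being applied. It assumes the firewall forwards between two routable endpoints, so it uses the FORWARD chain rather than INPUT; the function name, its parameters and the sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands only;
# review the output, then pipe it to "sh" as root to apply it.
# Assumption: the firewall sits between the two IPsec endpoints, so
# traffic crosses the FORWARD chain.

ipsec_passthrough_rules() {
    a=$1   # IPsec client address (hypothetical parameter)
    b=$2   # IPsec server address (hypothetical parameter)

    # Keep NAT away from AH: rewriting addresses breaks the AH integrity
    # check. ACCEPT in the nat table ends traversal of that chain before
    # any later SNAT/MASQUERADE rule is reached.
    echo "iptables -t nat -I POSTROUTING 1 -p 51 -j ACCEPT"

    # Allow both directions, but only between the two named endpoints.
    for dir in "$a $b" "$b $a"; do
        set -- $dir
        echo "iptables -A FORWARD -p 50 -s $1 -d $2 -j ACCEPT"               # ESP
        echo "iptables -A FORWARD -p 51 -s $1 -d $2 -j ACCEPT"               # AH
        echo "iptables -A FORWARD -p udp --dport 500 -s $1 -d $2 -j ACCEPT"  # IKE
    done
}

# Constructed sample addresses (RFC 5737 documentation ranges).
ipsec_passthrough_rules 192.0.2.10 198.51.100.20
```

Scoping each rule to the two endpoint addresses keeps the firewall from passing ESP, AH or IKE for any other host.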
