Hi All,

I'm getting very confused with openswan and iptables. I've got my openswan connection established fine and I get encrypted packets going back and forth between the machines, but as soon as I bring iptables up on the server end it stops working. I'm guessing this is due to the lack of a distinct ipsec0 interface in openswan, unlike when it was still freeswan.
I'm allowing all the stuff I think I should be:

    iptables -A INPUT -i eth1 -p 50 -j ACCEPT
    iptables -A INPUT -i eth1 -p 51 -j ACCEPT
    iptables -A INPUT -i eth1 -p udp --destination-port 500 -j ACCEPT

And then rejecting anything else:

    iptables -A INPUT -i eth1 -m state --state NEW,INVALID -j DROP
    iptables -A FORWARD -i eth1 -m state --state NEW,INVALID -j DROP

Presumably in the old days, once the packets came in on ipsec0 they weren't affected by the firewall, but I can't see how to account for that now.
Cheers,
Alex.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
FAQ: www.dcglug.org.uk/linux_adm/list-faq.html
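An added example, not part of the original post: assuming the tunnel runs on the kernel's native IPsec stack (NETKEY), decrypted packets pass through INPUT/FORWARD a second time still marked as arriving on eth1, so the state DROP rules catch them. The iptables `policy` match can accept only traffic that arrived through an IPsec policy, placed before those DROP rules. `IPT`, `WAN_IF`, `build_rules` and `policy_before_drop` are names made up for this sketch.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes NETKEY (no ipsec0 device)
# and a kernel/iptables build that provides the "policy" match.
# Dry run by default: commands are printed. Run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth1}"    # interface name taken from the post

build_rules() {
    # IPsec transport (ESP, AH) and IKE, exactly as in the post
    $IPT -A INPUT -i "$WAN_IF" -p 50 -j ACCEPT
    $IPT -A INPUT -i "$WAN_IF" -p 51 -j ACCEPT
    $IPT -A INPUT -i "$WAN_IF" -p udp --destination-port 500 -j ACCEPT

    # Decrypted traffic: accept only packets that came in via an IPsec policy.
    # Cleartext packets on the same interface do not match these rules.
    $IPT -A INPUT -i "$WAN_IF" -m policy --dir in --pol ipsec -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -m policy --dir in --pol ipsec -j ACCEPT

    # Everything else new or invalid is dropped, as in the post
    $IPT -A INPUT -i "$WAN_IF" -m state --state NEW,INVALID -j DROP
    $IPT -A FORWARD -i "$WAN_IF" -m state --state NEW,INVALID -j DROP
}

# Ordering check on the dry-run output: returns 0 only when the first
# policy ACCEPT for the given chain appears before that chain's first DROP.
policy_before_drop() {
    chain="$1"
    ( IPT="echo iptables"; build_rules ) | awk -v c="$chain" '
        $2 == "-A" && $3 == c && /-m policy/ && !p { p = NR }
        $2 == "-A" && $3 == c && /-j DROP/   && !d { d = NR }
        END { exit !(p && d && p < d) }'
}

build_rules
```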