[TriLUG] iptables and VPNs
Brian Weaver
weave at oculan.com
Fri Feb 6 17:06:33 EST 2004
Scratch that!!!
I should have used 'DNAT', Doh!
-Weave
Brian Weaver wrote:
> I used to have a configuration for this, but then Nortel axed my reason
> for keeping the config current.
>
> If it is for Nortel they should be able to get you the information. I
> got the information for setting up my firewall from Nortel. I probably
> would still have the config but the disk with it bit the dust, that
> didn't help.
>
> I saw this (found using google)
>
> ---
> Hi,
>
> You need to open UDP port no. 500 if you are using IPSec/IKE as the
> protocol. Otherwise you need to open TCP port no. 1723 if you are
> using PPTP. For L2TP, it is 1701.
>
>
> ---
>
> Port 500 rings a bell. I think I just did something SIMILAR to:
>
> iptables -t nat -A PREROUTING -s ${NORTEL}/32 \
> -d ${FWHOST}/32 -p udp --destination-port 500 \
> -j SNAT --to-source ${WINDOWS}
>
>
>
> -Weave
>
>
> Tarus Balog wrote:
>
>> Gang:
>>
>> Anyone have experience fixing up VPN access through an iptables-based
>> firewall? We have a linux box that acts like a router, and I was
>> recently in need of a VPN connection through that firewall to a
>> client's site. The VPN was by NORTEL, and I had to use the Contivity
>> VPN client for Windows to access it. I *think* it was IKE based, but
>> I am not even sure what that means (grin).
>>
>> My connection would establish, but then I would start losing packets
>> (verified by repeated pings) until nothing would go through, over the
>> span of about five minutes. I moved my system outside the firewall
>> and these problems went away.
>>
>> Clues?
>>
>> -T
>>
>> ___________________________________________________________________________
>> Tarus Balog, OpenNMS Maintainer Main: +1 919 545 2553
>> Blast Internet Services, Inc. Fax: +1 503-961-7746
>> Email: tarus at opennms.org URL: http://www2.blast.com/tarus
>> PGP Key Fingerprint: 8945 8521 9771 FEC9 5481 512B FECA 11D2 FD82 B45C
>>
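The DNAT form of the rule Weave says he should have used, as an added example that is not part of the thread. NORTEL, FWHOST and WINDOWS are the thread's own placeholders with constructed documentation addresses as defaults; the ESP rules at the end go beyond what the thread covers, since IKE on UDP 500 only negotiates the tunnel and the tunnelled traffic itself is ESP (IP protocol 50).

```shell
#!/bin/sh
# Added example, not from the thread: the PREROUTING rule with -j DNAT plus
# the FORWARD rules that have to go with it. Defaults are constructed
# RFC 5737 documentation addresses, not real hosts.
NORTEL=${NORTEL:-203.0.113.10}    # remote Contivity gateway (constructed)
FWHOST=${FWHOST:-198.51.100.1}    # firewall's public address (constructed)
WINDOWS=${WINDOWS:-192.168.1.20}  # internal box running the client (constructed)
IPT=${IPT:-iptables}

# DRY_RUN=1 (the default) prints each rule instead of loading it, so the set
# can be reviewed on a box without iptables; DRY_RUN=0 applies it for real.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$IPT $*"; else "$IPT" "$@"; fi
}

# IKE (UDP 500) from the Nortel gateway, arriving at the firewall's public
# address, is redirected to the internal client. DNAT rewrites the destination
# and belongs in PREROUTING, before the routing decision; SNAT is only valid
# in POSTROUTING, which is why the quoted rule could not have worked.
ike_dnat_rule() {
    run -t nat -A PREROUTING -s "${NORTEL}/32" -d "${FWHOST}/32" \
        -p udp --dport 500 -j DNAT --to-destination "${WINDOWS}"
}

# NAT only rewrites addresses; the filter table still has to let the
# translated packets through. IKE uses port 500 on both ends.
ike_forward_rules() {
    run -A FORWARD -s "${NORTEL}/32" -d "${WINDOWS}/32" -p udp --dport 500 -j ACCEPT
    run -A FORWARD -s "${WINDOWS}/32" -d "${NORTEL}/32" -p udp --dport 500 -j ACCEPT
}

# Beyond the thread: once IKE has negotiated the tunnel, the data travels as
# ESP (IP protocol 50), which a port-500 rule does not match. Without these,
# the tunnel can come up and then carry nothing.
esp_rules() {
    run -t nat -A PREROUTING -s "${NORTEL}/32" -d "${FWHOST}/32" \
        -p esp -j DNAT --to-destination "${WINDOWS}"
    run -A FORWARD -s "${NORTEL}/32" -d "${WINDOWS}/32" -p esp -j ACCEPT
    run -A FORWARD -s "${WINDOWS}/32" -d "${NORTEL}/32" -p esp -j ACCEPT
}

load_vpn_rules() {
    ike_dnat_rule
    ike_forward_rules
    esp_rules
}

load_vpn_rules
```

Run it as-is to print the six rules for review, then with DRY_RUN=0 as root to load them.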