Posted to users@httpd.apache.org by Vasiliy Boulytchev <va...@boulytcheva.com> on 2002/03/19 22:54:14 UTC

Re: [Users] iptables rules for NAT with ipsec

Yeah, no kidding,   PLEASE HELP!!!!!   :(

Vasiliy Boulytchev
Colorado Information Technologies Inc.
----- Original Message -----
From: "David Davidse" <da...@sheviak.com>
To: "IPSec Users List" <us...@lists.freeswan.org>
Sent: Tuesday, March 19, 2002 2:23 PM
Subject: Re: [Users] iptables rules for NAT with ipsec


> I am having the exact same problem, hopefully somebody will put us out
> of our misery soon ;)
>
> vasiliy@boulytcheva.com wrote:
>
> > Ladies and Gents,
> >
> >     here's my iptablesload file:
> >
> >
> >
> > #######################################################
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> >
> >
> > iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j SNAT --to 209.12.32.2
> >
> >
> >
> > #forward rules
> > iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
> > iptables -A FORWARD -d 10.0.0.0/24 -j ACCEPT
> >
> >
> >
> > # ALLOW IPSEC IN eth0
> > iptables -A INPUT -p udp --dport 500 -j ACCEPT
> > iptables -A INPUT -p 50 -j ACCEPT
> >
> > #######################################################
> >
> >
> >
> >     How come when I make the VPN connection, I can only ping the
> > internal interface of the firewall?  I can't get to any computers on the
> > network.  Please help.......
> >
> >
> >
> > Kindest Regards,
> >
> >
> >
> > Vasiliy Boulytchev
> > Colorado Information Technologies Inc.
> >
>
>
> --
> ---------------------( |     .  |. .
> david@sheviak.com    _)|\(-\/|(||\ ||\(_.
> -----------------------------------
> "committed to freedom and diversity"
> -----------------------------------
>
> _______________________________________________
> Users mailing list
> Users@lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

