Iptables and ipsec
Steve Moro
steve.moro@home.com
Sat, 29 Jul 2000 00:39:00 -0400
Works great... I see the keys created. But I have another problem:
what are the rules so I can NAT FTP?
I am using the following rules; are they right?
iptables -A INPUT -i $EXT_IF -p tcp -d $EXT_IP --dport 21 -j ACCEPT
iptables -A OUTPUT -o $EXT_IF -p tcp -d $EXT_IP --sport 20 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d $EXT_IP --dport 21 \
-j DNAT --to 172.16.0.1:21
Thanks
Steve
> -----Original Message-----
> From: netfilter-admin@samba.org [mailto:netfilter-admin@samba.org]On
> Behalf Of Alexander Demenshin
> Sent: Friday, July 28, 2000 11:15 PM
> To: Multiple recipients of list NETFILTER
> Subject: Re: Iptables and ipsec
>
>
> On Fri, Jul 28, 2000 at 10:48:35PM -0400, Steve Moro wrote:
>
> > What does the $TABLE represent and what is the last rule -p 17?
> > What does that stand for?
>
> To make things clear:
>
> for HOOK in INPUT OUTPUT FORWARD; do
> iptables -A $HOOK -p 50 -j ACCEPT # Protocol 50 == ESP
> iptables -A $HOOK -p 51 -j ACCEPT # Protocol 51 == AH
> iptables -A $HOOK -p 17 --sport 500 --dport 500 -j ACCEPT
> # Protocol 17 == UDP, port 500 (ISAKMP)
> done
>
> /Al
>
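An added example, not part of either message above, that puts Al's IPsec pass-through loop and a DNAT setup for FTP into one script. The interface, addresses and internal server (eth0, 203.0.113.10, 172.16.0.1) are assumed placeholders, and the module names are the ones current kernels use (the 2.4-era names were ip_conntrack_ftp and ip_nat_ftp). It goes beyond the thread in two respects: the FTP data connections are left to the connection-tracking FTP helper, which marks them RELATED (bound explicitly with the CT target, since current kernels no longer attach helpers automatically), and the DNATed traffic is accepted in FORWARD, the chain that DNATed packets actually traverse. By default the functions only print the rules so they can be reviewed; APPLY=1 executes them, which needs root.

```shell
#!/bin/sh
# Added example (not from the original thread). Placeholder values below are
# assumptions; override them in the environment.
EXT_IF="${EXT_IF:-eth0}"
EXT_IP="${EXT_IP:-203.0.113.10}"
FTP_SERVER="${FTP_SERVER:-172.16.0.1}"

# Print each command unless APPLY=1, so the rule set can be checked before it
# touches a live firewall (applying requires root).
rule() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# IPsec pass-through for the gateway itself and for forwarded traffic:
# protocol 50 (ESP), protocol 51 (AH) and UDP/500 (ISAKMP).
ipsec_rules() {
    for HOOK in INPUT OUTPUT FORWARD; do
        rule iptables -A "$HOOK" -p 50 -j ACCEPT
        rule iptables -A "$HOOK" -p 51 -j ACCEPT
        rule iptables -A "$HOOK" -p udp --sport 500 --dport 500 -j ACCEPT
    done
}

# DNAT the FTP control connection to an internal server and let connection
# tracking handle the data connections.
ftp_nat_rules() {
    # The FTP helper parses PORT/PASV on the control channel and marks the
    # resulting data connections RELATED; nf_nat_ftp rewrites the addresses
    # carried inside those commands so they match the translated endpoints.
    rule modprobe nf_conntrack_ftp
    rule modprobe nf_nat_ftp
    # Current kernels do not assign helpers automatically: bind it in raw,
    # which runs before NAT, so it matches on the public address.
    rule iptables -t raw -A PREROUTING -i "$EXT_IF" -p tcp -d "$EXT_IP" --dport 21 \
        -j CT --helper ftp
    # Rewrite the destination of inbound control connections.
    rule iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$EXT_IP" --dport 21 \
        -j DNAT --to-destination "$FTP_SERVER:21"
    # After DNAT the packets are forwarded, so they are filtered in FORWARD,
    # not INPUT/OUTPUT. Accept new control connections to the server...
    rule iptables -A FORWARD -i "$EXT_IF" -p tcp -d "$FTP_SERVER" --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT
    # ...and everything the helper has tied to them: active-mode data from
    # server port 20, passive-mode data to a high port, and all replies.
    rule iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

ipsec_rules
ftp_nat_rules
```

Run it once without APPLY to read the generated rules, then with APPLY=1 as root. If a NAT device sits between the IPsec peers, UDP/4500 (NAT traversal) would also need to be allowed; the thread does not cover that case and the script does not add it.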