ipsec nat and iptables

Info DataCenter1.com info at datacenter1.com
Thu Aug 25 17:27:45 CEST 2005


I'm trying to setup a network to network vpn using native ipsec support 
on Centos 4.1

Network A
eth0=  conected to internet
eth1= conected to private lan

Network B
eth0 conected to Internet
eth1= conected to private lan

 >From server A I'm able to ping and viceversa but computers 
in the private lan can't see the other side

I'm using pre-shared keys also I set nat_transversal in racoon

Also I set my servers like iptables router
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

iptables -A FORWARD -i eth1 -o eth0
iptables -A FORWARD -i eth0 -o eth1

iptables -P INPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i ethY -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

More information about the netfilter mailing list