Iptables, nat, and IPSec

John A. Sullivan III jsullivan at opensourcedevel.com
Wed Apr 6 13:42:55 CEST 2005


On Wed, 2005-04-06 at 07:10 -0400, dave beach wrote:
> > It's an IPSec problem. I don't want to go into detail but you probably
> > should try NAT-Traversal.
> > For the theory http://www.ipsec-howto.org/x180.html
> 
> Okay, I've read the reference. If I understand correctly, I need to use a
> NAT methodology that implements "NAT Traversal" (the reference is a little
> vague on this; in fairness, it does say "There are no RFCs at the moment").
> It might be therefore fair to say that the Linksys implementation includes
> NAT Traversal, enabling it to handle multiple IPSec passthrough connections.
> 
> Which leads me to what I suppose was the original question, now slightly
> modified: does iptables support NAT Traversal?
> 
I did not read your original post but, in direct answer to your last
question, yes, we do NAT-T through and to iptables firewalls all the
time on the ISCS network security management project
(http://iscs.sourceforge.net) - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net



