Iptables, nat, and IPSec

John A. Sullivan III jsullivan at opensourcedevel.com
Wed Apr 6 13:42:55 CEST 2005

On Wed, 2005-04-06 at 07:10 -0400, dave beach wrote:
> > It's an IPSec problem. I don't want to go into detail but you probably
> > should try NAT-Traversal.
> > For the theory http://www.ipsec-howto.org/x180.html
> Okay, I've read the reference. If I understand correctly, I need to use a
> NAT methodology that implements "NAT Traversal" (the reference is a little
> vague on this; in fairness, it does say "There are no RFCs at the moment").
> It might be therefore fair to say that the Linksys implementation includes
> NAT Traversal, enabling it to handle multiple IPSec passthrough connections.
> Which leads me to what I suppose was the original question, now slightly
> modified: does iptables support NAT Traversal?
I did not read your original post but, in direct answer to your last
question, yes, we do NAT-T through and to iptables firewalls all the
time on the ISCS network security management project
(http://iscs.sourceforge.net) - John
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
