Linux firewall + NAT Traversal + IPsec

Sietse van Zanen sietse at
Fri Apr 8 14:39:08 CEST 2005

 As far as I know, you would not need anything on the Linux box.

It will all depend on whether the clients and server IPSEC implementation
support IPSEC NAT T(raversal).

Microsofts IPSEC implementation does. But has some drawbacks.

-----Original Message-----
From: netfilter-bounces at
[mailto:netfilter-bounces at] On Behalf Of John Mok
Sent: 07 April 2005 19:50
To: netfilter at
Subject: Linux firewall + NAT Traversal + IPsec


I'm new to Linux. Is it possible make a Linux box with firewall + NAT, such
that client PC(s) from the NATed internal network could connect to a VPN
gateway on the Internet :-

 client PC ----- Linux iptables firewall + NAT ---- Internet ---- IPsec VPN
192.168.x.x/16                                              (e.g. 
Checkpoint FW-1)
(VPN client)

I hope someone could help to advise what software / kernel patch is required
on the Linux box to NAT traversal work and where to get the HOWTO(s)?

Thanks a lot.

John Mok

More information about the netfilter mailing list