Linux firewall + NAT Traversal + IPsec

Sietse van Zanen sietse at wizdom.nu
Fri Apr 8 14:39:08 CEST 2005


As far as I know, you would not need anything on the Linux box.

It will all depend on whether the client's and server's IPSEC implementations
support IPSEC NAT T(raversal).

Microsoft's IPSEC implementation does, but has some drawbacks.

-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of John Mok
Sent: 07 April 2005 19:50
To: netfilter at lists.netfilter.org
Subject: Linux firewall + NAT Traversal + IPsec

Hi,

I'm new to Linux. Is it possible to make a Linux box with firewall + NAT, such
that client PC(s) from the NATed internal network could connect to a VPN
gateway on the Internet :-

client PC ----- Linux iptables firewall + NAT ---- Internet ---- IPsec VPN gateway
192.168.x.x/16                                                   (e.g. Checkpoint FW-1)
(VPN client)

I hope someone could help to advise what software / kernel patch is required
on the Linux box to make NAT traversal work and where to get the HOWTO(s)?

Thanks a lot.

John Mok





