Gentoo Forums
Cisco VPN through IPtables
fbleagh
Tux's lil' helper


Joined: 13 Jun 2002
Posts: 98

Posted: Wed May 14, 2003 1:09 am    Post subject: Cisco VPN through IPtables

Ok, here's the scenario.

I have a small network at home comprised of 2 Linux boxen and 2 Windows boxen.

1 of the Windows boxes is my dad's,

the other is my work laptop.

Now my company has a nice little Cisco VPN setup I can dial into, but it does seem to be working from behind my iptables NAT/firewall.
I tried forwarding ports etc. but no luck.

Any bright ideas?
proxy
Apprentice


Joined: 20 Apr 2002
Posts: 259
Location: Chantilly, VA

Posted: Wed May 14, 2003 2:10 am    Post subject:

Hmm, my Cisco VPN software seems to do fine behind a hardware firewall. What ports are you forwarding?

proxy
fbleagh
Tux's lil' helper


Joined: 13 Jun 2002
Posts: 98

Posted: Wed May 14, 2003 2:26 am    Post subject:

iptables -A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A FORWARD -p udp --sport 50 --dport 50 -j ACCEPT
iptables -A FORWARD -p udp --sport 510 --dport 510 -j ACCEPT
iptables -A FORWARD -p tcp --sport 10000 --dport 10000 -j ACCEPT

Is that right?
jsleeper
Tux's lil' helper


Joined: 04 Apr 2003
Posts: 75
Location: Virginia Beach, VA, US

Posted: Wed May 14, 2003 3:23 pm    Post subject:

I believe that you also have to let in ESP packets, which is tcp protocol 50. So where you normally put tcp or udp, put -p 50 instead. I've never done it with iptables, but with Cisco IOS I allow in UDP port 500 and all ESP traffic from the remote VPN device to the local network.
_________________
are sigs really useful?
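
Added example, not part of any post in this thread: a shell script that lints the four rules posted above for ESP written as a port match (ESP is IP protocol 50 and has no ports) and prints FORWARD rules that match IKE on UDP 500 and ESP with `-p 50`. The interface names `eth1`/`eth0`, a default-drop FORWARD policy and masquerading already being configured are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are placeholders.

# check_rule RULE: return 1 and print a finding when a tcp/udp rule matches
# "port 50", the usual sign that ESP (IP protocol 50) was written as a port.
check_rule() {
    case " $1 " in
        *" -p tcp "*|*" -p udp "*) ;;
        *) return 0 ;;
    esac
    case " $1 " in
        *" --sport 50 "*|*" --dport 50 "*)
            echo "ESP is IP protocol 50, not a port: $1"
            return 1 ;;
    esac
    return 0
}

# lint_rules: read rule lines on stdin; return 1 if any rule was flagged.
lint_rules() {
    bad=0
    while IFS= read -r rule; do
        check_rule "$rule" || bad=1
    done
    return "$bad"
}

# vpn_forward_rules LAN_IF WAN_IF: print (do not run) FORWARD rules for an
# IPsec client on the LAN: IKE on UDP 500, ESP as protocol 50, tracked replies.
vpn_forward_rules() {
    echo "iptables -A FORWARD -i $1 -o $2 -p udp --dport 500 -j ACCEPT"
    echo "iptables -A FORWARD -i $1 -o $2 -p 50 -j ACCEPT"
    echo "iptables -A FORWARD -i $2 -o $1 -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# The four rules posted in the thread, linted as written.
lint_rules <<'EOF' || echo "-- flagged rules need -p 50 instead of a port match"
iptables -A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A FORWARD -p udp --sport 50 --dport 50 -j ACCEPT
iptables -A FORWARD -p udp --sport 510 --dport 510 -j ACCEPT
iptables -A FORWARD -p tcp --sport 10000 --dport 10000 -j ACCEPT
EOF

vpn_forward_rules eth1 eth0   # eth1 = LAN, eth0 = WAN (assumed names)
```

The printed rules are only echoed; review them against the existing ruleset before running any of them as root.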