Reply To: ESP Forwarding


#52088

hugoboss
Member

Forward Chain

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.0.2 anywhere tcp dpt:smtp
DROP tcp -- 192.168.0.0/24 anywhere tcp dpt:smtp
ACCEPT esp -- anywhere anywhere

Changed the iptables to

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT esp -- anywhere 195.xxx.xxx.xxx to:192.168.0.250
DNAT udp -- anywhere 195.xxx.xxx.xxx udp dpt:isakmp to:192.168.0.250:500
DNAT udp -- anywhere 195.xxx.xxx.xxx udp dpt:ipsec-msft to:192.168.0.250:4500

conntrack

11:51:30 [NEW] udp 17 30 src=93.xxx.xxx.xxx dst=195.xxx.xxx.xxx sport=500 dport=500 [UNREPLIED] src=192.168.0.250 dst=93.xxx.xxx.xxx sport=500 dport=500
11:52:08 [DESTROY] udp 17 src=93.xxx.xxx.xxx dst=195.xxx.xxx.xxx sport=500 dport=500 packets=4 bytes=3068 src=192.168.0.250 dst=93.xxx.xxx.xxx sport=500 dport=500 packets=0 bytes=0