Reply To: ESP Forwarding

[hugoboss]

Forward Chain

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

ACCEPT     tcp  --  192.168.0.2          anywhere            tcp dpt:smtp

DROP       tcp  --  192.168.0.0/24       anywhere            tcp dpt:smtp

ACCEPT     esp  --  anywhere             anywhere

changed the iptable to

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination

DNAT       esp  --  anywhere             195.xxx.xxx.xxx      to:192.168.0.250

DNAT       udp  --  anywhere             195.xxx.xxx.xxx      udp dpt:isakmp to:192.168.0.250:500

DNAT       udp  --  anywhere             195.xxx.xxx.xxx      udp dpt:ipsec-msft to:192.168.0.250:4500

conntrack

11:51:30 	 [NEW] udp 17 30 src=93.xxx.xxx.xxx dst=195.xxx.xxx.xxx sport=500 dport=500 [UNREPLIED] src=192.168.0.250 dst=93.xxx.xxx.xxx sport=500 dport=500

11:52:08 	[DESTROY] udp 17 src=93.xxx.xxx.xxx dst=195.xxx.xxx.xxx sport=500 dport=500 packets=4 bytes=3068 src=192.168.0.250 dst=93.xxx.xxx.xxx sport=500 dport=500 packets=0 bytes=0