Jeremy Drake wrote:
> On Wed, 4 Feb 2004, Daniel Miller wrote:
> > But how do I do this for external clients? Are there particular ports I
> > need to open? Does using IPSEC eliminate the need for an IPTABLES
> > firewall? With these two routers, do I need to configure special
> > port/ip forwarding?
>
> So your freeswan install is on foxy?

I currently have kernel 2.6 on foxy - so I'm using the ipsec-tools
there. I'll probably upgrade stonewall as well - since I haven't been
able to get freeswan to work.

> If so, you need to open up
> iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
> iptables -A INPUT -p esp -j ACCEPT
> on foxy, and the same in FORWARD and INPUT (I think) on stonewall. You
> will also need DNAT to forward udp 500 and esp received on stonewall's
> external interface to foxy's external interface. You may need SNAT to
> make outward-bound IKE packets appear to be coming from port 500.
> Good luck
So to be clear - I ONLY need to open/forward that port 500 for ALL
communication when using IPSEC? That will let me share files using
Samba, for example?
Daniel
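The rule set Jeremy describes (udp/500 and ESP on the endpoint, the same plus DNAT and SNAT on the NAT gateway), written out as an added example that is not from this thread. It prints the iptables commands rather than applying them, so the result can be reviewed before it is piped to a shell; the interface name and addresses are constructed placeholders passed as arguments.

```shell
#!/bin/sh
# Added example: emit the iptables rules for an IPsec endpoint behind a
# NAT gateway. Nothing is applied; the output is meant to be reviewed
# first. Only IKE on udp/500 and raw ESP are covered, as in the thread
# (NAT-T on udp/4500 is not handled here).

# Rules for the IPsec endpoint itself (foxy): accept IKE and ESP.
ipsec_endpoint_rules() {
    echo "iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT"
    echo "iptables -A INPUT -p esp -j ACCEPT"
}

# Rules for the NAT gateway (stonewall).
#   $1 = external interface (e.g. eth0)
#   $2 = gateway's external address (placeholder in the example below)
#   $3 = endpoint's internal address that IKE/ESP are forwarded to
ipsec_gateway_rules() {
    ext_if=$1
    ext_ip=$2
    endpoint=$3
    # Accept IKE and ESP both addressed to the gateway and passing through it.
    for chain in INPUT FORWARD; do
        echo "iptables -A $chain -p udp --sport 500 --dport 500 -j ACCEPT"
        echo "iptables -A $chain -p esp -j ACCEPT"
    done
    # DNAT: hand inbound IKE and ESP arriving on the external interface
    # to the endpoint. ESP has no ports, so only one internal host can
    # be reached this way.
    echo "iptables -t nat -A PREROUTING -i $ext_if -p udp --dport 500 -j DNAT --to-destination $endpoint"
    echo "iptables -t nat -A PREROUTING -i $ext_if -p esp -j DNAT --to-destination $endpoint"
    # SNAT: keep outbound IKE from the endpoint on source port 500 so the
    # remote peer sees it coming from 500, not a rewritten NAT port.
    echo "iptables -t nat -A POSTROUTING -o $ext_if -s $endpoint -p udp --sport 500 -j SNAT --to-source $ext_ip:500"
}

# Example (constructed addresses): review, then pipe to sh on each host.
#   ipsec_endpoint_rules
#   ipsec_gateway_rules eth0 203.0.113.1 192.168.1.2
```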