List: openswan-users
Subject: Re: [Openswan Users] anything wrong with these iptables?
From: Tuomo Soini <tis () foobar ! fi>
Date: 2010-07-19 9:32:16
Message-ID: 4C441BA0.3080207 () foobar ! fi
Paul Wouters wrote:
> On Thu, 15 Jul 2010, Ryan McLeod wrote:
>
> > I'm having some minor problems when a vpn re-establishes after one of the vpn
> > devices is rebooted. It's an ASA to openswan setup. I just want to know if these
> > iptables settings are proper.
> > $IPTABLES -A INPUT -p udp --dport 500 -j ACCEPT
> >
> > $IPTABLES -A OUTPUT -p udp --dport 500 -j ACCEPT
> > $IPTABLES -A INPUT -p udp --dport 4500 -j ACCEPT
> > $IPTABLES -A OUTPUT -p udp --dport 4500 -j ACCEPT
>
> This is not complete. The 4500 connection usually comes in from a random high port.
>
> $IPTABLES -A OUTPUT -p udp --sport 4500 -j ACCEPT
And for NAT-T, the initial connection to UDP 500 comes from a random high
port too...
--
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
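As an added example that is not part of the thread, Openswan or the posters' configurations, here is a rule set that covers the points raised above: the peer's source port on UDP 500 and 4500 cannot be relied on, so the rules match only on --dport and let connection tracking (ESTABLISHED,RELATED) accept the replies instead of adding a --sport rule per port; ESP (IP protocol 50), which the posted rules leave out entirely and which carries the tunnel traffic when NAT-T is not negotiated, is accepted; and decrypted packets, which re-enter the filter table as plain IP, are admitted only when they arrived through an IPsec policy (the xt_policy match). The PEER address 203.0.113.5 is a documentation-range placeholder standing in for the ASA, not an address from the thread; restricting the IKE, NAT-T and ESP rules to that peer is this example's hardening choice, not something the thread asks for. Without arguments the script prints the rules; with `apply` it loads them through the binary in IPTABLES.

```shell
#!/bin/sh
# Added example (not from the thread or the Openswan project): iptables rules
# for an Openswan gateway talking to a single fixed peer.
# PEER is a placeholder address from the documentation range; set it to the
# real remote gateway. IPTABLES can point at a specific binary.
PEER="${PEER:-203.0.113.5}"
IPTABLES="${IPTABLES:-iptables}"

# Emit one rule per line, as arguments to iptables without the command name.
ipsec_rules() {
    # Replies and related packets first: the IKE/NAT-T reply to a request that
    # came from a random high port is ESTABLISHED, so no --sport rule is needed.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # IKE (ISAKMP). Match the destination port only: the source port is 500
    # for a directly connected peer but a random high port behind NAT.
    echo "-A INPUT -s $PEER -p udp --dport 500 -j ACCEPT"
    echo "-A OUTPUT -d $PEER -p udp --dport 500 -j ACCEPT"
    # NAT-T: IKE plus UDP-encapsulated ESP on 4500. Same rule, no --sport.
    echo "-A INPUT -s $PEER -p udp --dport 4500 -j ACCEPT"
    echo "-A OUTPUT -d $PEER -p udp --dport 4500 -j ACCEPT"
    # Plain ESP, used when no NAT is detected; the posted rules omit it, so a
    # tunnel without NAT-T would negotiate fine and then carry no traffic.
    echo "-A INPUT -s $PEER -p esp -j ACCEPT"
    echo "-A OUTPUT -d $PEER -p esp -j ACCEPT"
    # Decrypted packets re-enter filtering as ordinary IP. Accept only those
    # that came in through an IPsec policy (xt_policy), not arbitrary packets
    # that merely claim a tunnel source address.
    echo "-A INPUT -m policy --dir in --pol ipsec -j ACCEPT"
    echo "-A FORWARD -m policy --dir in --pol ipsec -j ACCEPT"
    echo "-A FORWARD -m policy --dir out --pol ipsec -j ACCEPT"
}

# Number of rules emitted; a quick sanity check against `iptables -S`.
ipsec_rule_count() {
    ipsec_rules | wc -l | tr -d ' '
}

# Load the rules through $IPTABLES (requires root and the policy match).
apply_ipsec_rules() {
    ipsec_rules | while read -r rule; do
        # shellcheck disable=SC2086  # word-splitting the rule is intended
        $IPTABLES $rule
    done
}

case "${1:-print}" in
    apply) apply_ipsec_rules ;;
    *)     ipsec_rules | while read -r rule; do echo "$IPTABLES $rule"; done ;;
esac
```

The ESTABLISHED,RELATED rules are what make the --sport rule Paul mentions unnecessary; if conntrack is not available (or deliberately disabled for the IPsec path), add his OUTPUT --sport 4500 rule and an OUTPUT --sport 500 rule instead.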