Jeremy Drake wrote:
> > I currently have kernel 2.6 on foxy - so I'm using the ipsec-tools there.
> > I'll probably upgrade stonewall as well - since I haven't been able to get
> > freeswan to work.
>
> On Wed, 4 Feb 2004, Daniel Miller wrote:
> > But how do I do this for external clients? Are there particular ports I
> > need to open? Does using IPSEC eliminate the need for an IPTABLES
> > firewall? With these two routers, do I need to configure special port/ip
> > forwarding?
>
> so your freeswan install is on foxy?

So to be clear - I ONLY need to open/forward that port 500 for ALL
communication when using IPSEC? That will let me share files using Samba,
for example?

> If so, you need to open up
>
>     iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
>     iptables -A INPUT -p esp -j ACCEPT
>
> on foxy, and the same in FORWARD and INPUT (I think) on stonewall. You will
> also need DNAT to forward udp 500 and esp received on stonewall's external
> interface to foxy's external interface. You may need SNAT to make outward
> bound ike packets appear to be coming from port 500.
>
> Good luck
Daniel
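A worked version of the ruleset Jeremy sketches above, added here as an example; it is not code from the thread or from either poster. It assumes a hypothetical topology: stonewall's Internet-facing interface is eth0 with public address 203.0.113.10 (a documentation address), foxy sits behind it at 192.168.1.2, and the IPsec stacks on both ends support NAT-Traversal (UDP 4500), which the original reply does not mention. By default the script only echoes the iptables commands (IPT expands to "echo iptables"); run it with IPT=iptables as root to install them.

```shell
#!/bin/sh
# Added example: iptables rules for an IPsec gateway (foxy) behind a NAT
# router (stonewall), following the advice in the thread. Interface names,
# addresses and the NAT-T assumption below are not taken from the original
# posts.
#
# Assumed topology:
#   Internet -- eth0 (203.0.113.10) [stonewall] -- 192.168.1.2 [foxy] -- LAN
#
# Dry run by default: IPT expands to "echo iptables", so the rules are
# printed rather than installed. Use IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"                 # stonewall's Internet-facing interface
EXT_ADDR="${EXT_ADDR:-203.0.113.10}"     # stonewall's public address
FOXY_ADDR="${FOXY_ADDR:-192.168.1.2}"    # foxy's address as seen from stonewall

# Rules for foxy: accept IKE (UDP 500), ESP (IP protocol 50) and, when both
# peers support NAT-Traversal, UDP 4500 (UDP-encapsulated ESP, and IKE once
# a NAT has been detected). Matching only --dport 500 instead of also
# --sport 500 keeps the rule working for a remote client whose own NAT
# rewrites the source port.
foxy_rules() {
    $IPT -A INPUT -p udp --dport 500 -j ACCEPT
    $IPT -A INPUT -p udp --dport 4500 -j ACCEPT
    $IPT -A INPUT -p esp -j ACCEPT
}

# Rules for stonewall: DNAT inbound IKE/ESP to foxy, allow the rewritten
# packets through FORWARD, and SNAT foxy's outbound IKE so it leaves from
# EXT_ADDR with its source port pinned to 500 (MASQUERADE may choose another
# source port, which some IKE peers refuse). Note that netfilter tracks ESP
# with its generic connection tracker, keyed on addresses only, so raw-ESP
# DNAT is reliable for a single IPsec peer behind stonewall; several peers
# need NAT-T so their traffic is distinguishable UDP flows.
stonewall_rules() {
    # Inbound from the Internet: rewrite destination to foxy, then permit it.
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p udp --dport 500 -j DNAT --to-destination "$FOXY_ADDR"
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p udp --dport 4500 -j DNAT --to-destination "$FOXY_ADDR"
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p esp -j DNAT --to-destination "$FOXY_ADDR"
    $IPT -A FORWARD -i "$EXT_IF" -d "$FOXY_ADDR" -p udp --dport 500 -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -d "$FOXY_ADDR" -p udp --dport 4500 -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -d "$FOXY_ADDR" -p esp -j ACCEPT
    # Outbound from foxy: permit, then SNAT to the public address.
    $IPT -A FORWARD -o "$EXT_IF" -s "$FOXY_ADDR" -p udp --sport 500 -j ACCEPT
    $IPT -A FORWARD -o "$EXT_IF" -s "$FOXY_ADDR" -p udp --sport 4500 -j ACCEPT
    $IPT -A FORWARD -o "$EXT_IF" -s "$FOXY_ADDR" -p esp -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$FOXY_ADDR" -p udp --sport 500 -j SNAT --to-source "$EXT_ADDR:500"
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$FOXY_ADDR" -p udp --sport 4500 -j SNAT --to-source "$EXT_ADDR:4500"
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$FOXY_ADDR" -p esp -j SNAT --to-source "$EXT_ADDR"
}

# Usage: sh ipsec-rules.sh foxy | stonewall (no argument prints both sets).
case "${1:-}" in
    foxy)      foxy_rules ;;
    stonewall) stonewall_rules ;;
    *)         foxy_rules; stonewall_rules ;;
esac
```

The FORWARD rules are written in both directions deliberately: with a default-DROP FORWARD chain and no conntrack `ESTABLISHED,RELATED` rule, the replies to DNATed IKE would otherwise be dropped on their way back out.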