[plug] Iptables Help - UDP
Russell Steicke
r.steicke at bom.gov.au
Fri Feb 4 14:32:02 WST 2005
On Fri, Feb 04, 2005 at 11:07:52AM +0800, Timothy White wrote:
> My dad is trying to connect to the Alcoa VPN over a NATed Optus Dialup.
> As far as I know it uses UDP and he tried to 2 different gateways.
> Unfortunately it appears that the firewall (iptables) dropped the
> packets. The following is my iptables config[2] with the appropriate
> kernel/iptables log/drop messages[1].
>
> I hope somebody can help me get this working.
>
> Thanks
>
> Tim
>
> [1] (Please do not abuse the destination IP address)
> Feb 4 10:00:17 edo kernel: fp=UDP:2 a=DROP IN=eth0 OUT=ppp0
> SRC=192.168.0.48 DST=203.38.101.24 LEN=850 TOS=0x00 PREC=0x00 TTL=127
> ID=293 PROTO=UDP SPT=500 DPT=500 LEN=830
Without reading through all your iptables rules, I guess that you'd
need (at least) a rule like this:
iptables -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
You could add this rule manually to see if it works, then save your
rules however you'd normally do it. With debian, it used to be
/etc/init.d/iptables save_active
but I believe the newer iptables packages have the init.d script
removed.
And if you're doing IPSEC, you'll need to route some selection of
these protocols: GRE (47), ESP (50) and AH (51). netfilter.org should
have some documentation on this. It's been a while since I looked
briefly at IPSEC, so the details are a bit rusty, sorry. But ISTR
that the endpoint had to be your router, not a machine on your
network.
--
Russell Steicke
-- Fortune says:
Day of inquiry. You will be subpoenaed.
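An added example, not part of the thread or of any iptables tooling: a small Python parser for netfilter LOG lines in the format quoted above. It pulls out the KEY=VALUE fields, works out which chain logged the packet (IN and OUT both set means FORWARD; only IN means INPUT; only OUT means OUTPUT), tags the VPN-related traffic types named in the thread (IKE on UDP/500, plus ESP, AH and GRE by IP protocol), and prints the shape of the ACCEPT rule that would need to exist in that chain. The sample log lines are constructed: the first mirrors the quoted DROP line with the destination address swapped for an RFC 5737 documentation address, and the other two are made up to exercise the INPUT and OUTPUT cases. It also recognises UDP/4500 (IPsec NAT-T), which the thread does not mention.

```python
import re

# Constructed sample lines in the netfilter LOG target's syslog format.
# Addresses are RFC 1918 / RFC 5737 ranges, not real endpoints.
SAMPLE_LOG = """\
Feb 4 10:00:17 edo kernel: fp=UDP:2 a=DROP IN=eth0 OUT=ppp0 SRC=192.168.0.48 DST=203.0.113.24 LEN=850 TOS=0x00 PREC=0x00 TTL=127 ID=293 PROTO=UDP SPT=500 DPT=500 LEN=830
Feb 4 10:00:20 edo kernel: fp=ESP:1 a=DROP IN=ppp0 OUT= SRC=203.0.113.24 DST=192.0.2.1 LEN=120 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=ESP SPI=0x1a2b3c4d
Feb 4 10:00:21 edo kernel: fp=TCP:3 a=DROP IN= OUT=ppp0 SRC=192.0.2.1 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=TCP SPT=43210 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# IP protocols the LOG target prints by name (ESP, AH) or by number (GRE).
IPSEC_PROTOS = {
    "ESP": ("ESP", 50), "50": ("ESP", 50),
    "AH": ("AH", 51), "51": ("AH", 51),
    "47": ("GRE", 47),
}
VPN_UDP_PORTS = {"500": "IKE", "4500": "IPsec NAT-T"}


def parse_line(line):
    """Split a LOG line into KEY=VALUE fields and bare flags (DF, SYN, ...)."""
    _, _, payload = line.partition("kernel: ")
    fields, flags = {}, set()
    for tok in payload.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            if key in fields:        # LEN appears twice: IP total length, then UDP length
                key = key + "2"
            fields[key] = value
        else:
            flags.add(tok)
    return fields, flags


def chain(fields):
    """Infer the chain from which interfaces are present in the log line."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "FORWARD"
    if has_in:
        return "INPUT"
    if has_out:
        return "OUTPUT"
    return "UNKNOWN"


def classify(fields):
    """Name the VPN-related traffic type, or None for everything else."""
    proto = fields.get("PROTO", "")
    if proto == "UDP":
        for port in (fields.get("DPT"), fields.get("SPT")):
            if port in VPN_UDP_PORTS:
                return f"{VPN_UDP_PORTS[port]} (UDP/{port})"
        return None
    if proto in IPSEC_PROTOS:
        name, number = IPSEC_PROTOS[proto]
        return f"{name} (IP protocol {number})"
    return None


def suggested_rule(fields):
    """Shape of the ACCEPT rule that would have matched this packet."""
    parts = ["iptables", "-A", chain(fields)]
    if fields.get("IN"):
        parts += ["-i", fields["IN"]]
    if fields.get("OUT"):
        parts += ["-o", fields["OUT"]]
    proto = fields.get("PROTO", "").lower()
    if proto in ("tcp", "udp"):
        parts += ["-p", proto]
        if "DPT" in fields:
            parts += ["--dport", fields["DPT"]]
    elif proto:
        parts += ["-p", proto]   # esp, ah, or a raw protocol number such as 47
    parts += ["-j", "ACCEPT"]
    return " ".join(parts)


def summarize(log_text):
    """Return one dict per LOG line with chain, traffic type and rule shape."""
    out = []
    for line in log_text.splitlines():
        if "kernel:" not in line:
            continue
        fields, flags = parse_line(line)
        out.append({
            "chain": chain(fields),
            "service": classify(fields),
            "rule": suggested_rule(fields),
            "src": fields.get("SRC"),
            "dst": fields.get("DST"),
            "flags": flags,
        })
    return out


if __name__ == "__main__":
    for entry in summarize(SAMPLE_LOG):
        print(f"{entry['chain']:8} {entry['src']} -> {entry['dst']} "
              f"{entry['service'] or '-'}\n         {entry['rule']}")
```

The point of the chain column is that a packet logged with both IN and OUT interfaces was being forwarded through the router, so the rule that lets it through has to live in the FORWARD chain; a rule in INPUT only matters for packets addressed to the router itself. Replies to IKE and ESP come back on the other interface, so the opposite direction needs a matching rule (or a state-tracking rule) as well.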