Routing VPN


LeafUnderscore
08-05-2006, 11:17 AM
Okay, I am routing protocols 47, 50 and 51, and UDP ports 500 & 1701.

This is the script I'm using:

# Enable forwarding and start from empty filter and nat tables
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --delete-chain
iptables --table nat --flush
iptables --table nat --delete-chain

# IKE (UDP 500)
iptables -I FORWARD -p udp -i eth0 -o eth1 -d 10.40.56.19 --dport 500 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.40.56.19 -p udp --destination-port 500 -j DNAT --to-destination 10.40.56.19:500

# IPsec ESP (protocol 50)
iptables -t nat -A PREROUTING -d 10.40.56.19 -p esp -j DNAT --to-destination 10.40.56.19
iptables -I FORWARD -p esp -i eth0 -o eth1 -d 10.40.56.19 -j ACCEPT

# L2TP (UDP 1701)
iptables -I FORWARD -p udp -i eth0 -o eth1 -d 10.40.56.19 --dport 1701 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.40.56.19 -p udp --destination-port 1701 -j DNAT --to-destination 10.40.56.19:1701

# IPsec AH (protocol 51); interface name corrected from "eht0" (a typo iptables accepts but never matches)
iptables -I FORWARD -p ah -i eth0 -o eth1 -d 10.40.56.19 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.40.56.19 -p ah -j DNAT --to-destination 10.40.56.19

# GRE (protocol 47) for PPTP
iptables -I FORWARD -p gre -i eth0 -o eth1 -d 10.40.56.19 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.40.56.19 -p gre -j DNAT --to-destination 10.40.56.19

# PPTP control channel (TCP 1723); interface name corrected from "eht0"
iptables -I FORWARD -p tcp -i eth0 -o eth1 -d 10.40.56.19 --dport 1723 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.40.56.19 -p tcp --destination-port 1723 -j DNAT --to-destination 10.40.56.19:1723



And this is my table, from iptables -vnL; iptables -t nat -vnL:

Chain INPUT (policy ACCEPT 12765 packets, 2859K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 548K packets, 438M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  eht0   eth1    0.0.0.0/0            10.40.56.19         tcp dpt:1723
    0     0 ACCEPT     47   --  eth0   eth1    0.0.0.0/0            10.40.56.19
    0     0 ACCEPT     ah   --  eht0   eth1    0.0.0.0/0            10.40.56.19
    0     0 ACCEPT     udp  --  eth0   eth1    0.0.0.0/0            10.40.56.19         udp dpt:1701
    0     0 ACCEPT     esp  --  eth0   eth1    0.0.0.0/0            10.40.56.19
    0     0 ACCEPT     udp  --  eth0   eth1    0.0.0.0/0            10.40.56.19         udp dpt:500

Chain OUTPUT (policy ACCEPT 5372 packets, 636K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain PREROUTING (policy ACCEPT 30224 packets, 2348K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            10.40.56.19         udp dpt:500 to:10.40.56.19:500
    0     0 DNAT       esp  --  *      *       0.0.0.0/0            10.40.56.19         to:10.40.56.19
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            10.40.56.19         udp dpt:1701 to:10.40.56.19:1701
    0     0 DNAT       ah   --  *      *       0.0.0.0/0            10.40.56.19         to:10.40.56.19
    0     0 DNAT       47   --  *      *       0.0.0.0/0            10.40.56.19         to:10.40.56.19
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.40.56.19         tcp dpt:1723 to:10.40.56.19:1723

Chain POSTROUTING (policy ACCEPT 4243 packets, 390K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 344 packets, 21981 bytes)
 pkts bytes target     prot opt in     out     source               destination

To my eyes everything I need is being forwarded. Am I missing something? When I try to connect I get this error:

Error 792: The L2TP connection attempt failed because security negotiation timed out.

Heeeelp.
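The same L2TP/IPsec and PPTP forwarding written as a checked script, as an added example that is not the poster's own rule set. It assumes 10.40.56.19 is a VPN server behind the router, that the router's public address (not given in the post) is in WAN_IP, with the documentation address 203.0.113.10 as a placeholder, and that eth0/eth1 are the WAN/LAN interfaces. The DNAT rules match on the public address rather than on the LAN host's own address, every interface name is validated against the interfaces that actually exist before any rule is built (a name such as "eht0" is accepted by iptables but can never match), and UDP 4500 (IKE NAT traversal, which the post does not list) is forwarded alongside UDP 500 and ESP. Every counter in the listing above sitting at 0 is exactly the symptom such a check is meant to catch.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Assumptions (not in the post): WAN_IP is the router's public address
# (203.0.113.10 is a placeholder), LAN_HOST is the VPN server behind it,
# WAN_IF/LAN_IF are the router's interfaces.
# IPT=echo prints the rules instead of applying them; APPLY=1 runs build_rules.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IP="${WAN_IP:-203.0.113.10}"      # assumed public address (RFC 5737 range)
LAN_HOST="${LAN_HOST:-10.40.56.19}"   # VPN server from the post
IPT="${IPT:-iptables}"

# Interfaces present on the box. KNOWN_IFACES (space-separated) overrides
# the live lookup so the script can be checked offline.
known_ifaces() {
    if [ -n "$KNOWN_IFACES" ]; then
        # shellcheck disable=SC2086  (word splitting is intended)
        printf '%s\n' $KNOWN_IFACES
    else
        ip -o link show | awk -F': ' '{print $2}'
    fi
}

# Refuse to build rules for an interface that does not exist.
check_iface() {
    known_ifaces | grep -qx -- "$1" \
        || { echo "unknown interface: $1" >&2; return 1; }
}

# One DNAT + FORWARD pair.  $1 = protocol, $2 = destination port (empty for
# protocols without ports such as esp, ah, gre).
forward_to_lan() {
    proto="$1"; port="$2"
    if [ -n "$port" ]; then
        $IPT -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p "$proto" --dport "$port" \
            -j DNAT --to-destination "$LAN_HOST"
        $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAN_HOST" -p "$proto" --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    else
        $IPT -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p "$proto" \
            -j DNAT --to-destination "$LAN_HOST"
        $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAN_HOST" -p "$proto" \
            -m conntrack --ctstate NEW -j ACCEPT
    fi
}

build_rules() {
    check_iface "$WAN_IF" && check_iface "$LAN_IF" || return 1
    # Reply traffic for anything the rules below admitted
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    forward_to_lan udp 500     # IKE
    forward_to_lan udp 4500    # IKE / ESP-in-UDP (NAT-T), used once NAT is detected
    forward_to_lan esp         # IPsec ESP, protocol 50 (plain ESP, no NAT-T)
    forward_to_lan ah          # IPsec AH, protocol 51
    forward_to_lan udp 1701    # L2TP (inside IPsec once the SA is up)
    forward_to_lan gre         # GRE, protocol 47, for PPTP
    forward_to_lan tcp 1723    # PPTP control channel
}

if [ "${APPLY:-0}" = 1 ]; then
    build_rules
fi
```

Run it with `IPT=echo APPLY=1 sh forward.sh` first to see the rules, then without IPT to apply them. After a client attempts to connect, `iptables -t nat -vnL PREROUTING` should show the UDP 500 (and, behind NAT, UDP 4500) counters increment; if they stay at 0, either the packets never reach the WAN interface (check with `tcpdump -ni eth0 udp port 500`) or the `-d` address in the DNAT rule is not the one the client is sending to.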