Hi,
From: Drew J. Como [mailto:dcomo@bascom.com]

All,
I am having a problem that I hope someone could shed some light on. I have a machine running 3COM VPN software behind a SuSE 7.3 system running the 2.4.20 kernel.
I am having a problem writing the appropriate rules that will allow this machine to talk to a VPN server that is sitting on the outside world.
I know I have to write a protocol 47 rule, but am not sure of the exact syntax.
I tried the following:

    iptables -A FORWARD -i eth0 -o eth1 -p 47 -j ACCEPT
Shouldn't that read

    iptables -A INPUT -i eth0 -p 47 -j ACCEPT
    iptables -A FORWARD -i eth0 -o eth1 -p 47 -j ACCEPT
    iptables -A OUTPUT -o eth1 -p 47 -j ACCEPT

And what about replies? I would not use -i for such a rule; I'd rather use --source and --destination.

Could you give some more details about your rules? Maybe the connection gets denied by another rule.
However, running a tcpdump while trying the connection shows:

    172.16.0.1 > 172.16.0.16: icmp: x.x.x.x protocol 47 port 34827 unreachable

(x.x.x.x = outside address)
Do I need to add additional support rules, or is my syntax just incorrect?
Any assistance that can be offered is greatly appreciated.
Drew
cheers, Stefan
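
Added example, not part of the original thread: a small shell helper that prints a symmetric pair of FORWARD rules for protocol 47 using --source and --destination, so the replies asked about above are covered as well. The function names are hypothetical, 172.16.0.16 is the client address from the tcpdump line, and 192.0.2.10 is a placeholder for the elided outside address x.x.x.x.

```shell
#!/bin/sh
# Added example: emit (do not apply) iptables rules that accept GRE,
# IP protocol 47, in both directions between one inside client and one
# outside VPN server. Packets routed through the firewall traverse the
# FORWARD chain; INPUT and OUTPUT only see traffic addressed to or sent
# by the firewall itself.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so that
# nothing but an address can end up in a generated command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    rest="$1."
    for n in 1 2 3 4; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ -z "$rest" ]
}

# gre_forward_rules CLIENT SERVER: print one FORWARD rule per direction.
# Matching on addresses instead of -i/-o keeps the pair symmetric: the
# first rule passes the client's packets, the second the server's replies.
gre_forward_rules() {
    is_ipv4 "$1" && is_ipv4 "$2" || {
        echo "usage: gre_forward_rules CLIENT SERVER" >&2
        return 2
    }
    echo "iptables -A FORWARD -p 47 --source $1 --destination $2 -j ACCEPT"
    echo "iptables -A FORWARD -p 47 --source $2 --destination $1 -j ACCEPT"
}

# Constructed sample run: client address from the tcpdump line, placeholder
# server address. Review the output, then run the printed commands as root.
gre_forward_rules 172.16.0.16 192.0.2.10
```

After the rules are loaded, `iptables -L FORWARD -v -n` shows per-rule packet counters, which tells you whether both directions are actually matching.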