Allow ESP traffic on IPCop/iptables?

Posted on 2006-03-26
Last Modified: 2008-01-09
I refer to the last couple of comments on this question:

How can I allow ESP traffic through an IPCop firewall?
And how do I make sure that UDP ports 450 and 5000 are allowed both ways (incoming is defined in port forward)?
Question by: realfoh
    1 Comment
    LVL 19

    Accepted Solution

    Don't know IPCop, but these are the iptables rules:

    iptables -A FORWARD -p esp -j ACCEPT

    iptables -A FORWARD -p udp --dport 450 -j ACCEPT
    iptables -A FORWARD -p udp --dport 5000 -j ACCEPT

    Maybe you need to open INPUT if the server software is running on the same box as your Linux firewall:
    iptables -A INPUT -p esp -j ACCEPT

    You only need to open the INPUT rules when the final connection point is the same Linux box. If traffic should pass across, then use the FORWARD chain.
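
The rules from the accepted answer wrapped in an idempotent script, as an added example that is not part of the original answer. It also adds a conntrack rule so that replies to accepted UDP flows pass in the other direction, since `--dport` alone only matches packets headed to those ports. Assumptions: an iptables build with `-C` (check) and the `conntrack` match; the function names and the `IPT` and `DRY_RUN` variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer.
IPT="${IPT:-iptables}"      # hypothetical override, e.g. a full path to iptables
DRY_RUN="${DRY_RUN:-1}"     # 1 = only print the commands, 0 = apply (needs root)

# ensure_rule CHAIN RULE-SPEC...
# Append the rule only if an identical one is not already in the chain,
# so re-running the script does not pile up duplicates.
ensure_rule() {
    chain="$1"; shift
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT -A $chain $*"
        return 0
    fi
    if $IPT -C "$chain" "$@" 2>/dev/null; then
        return 0            # rule already present
    fi
    $IPT -A "$chain" "$@"
}

# Traffic passing through the firewall to a VPN endpoint behind it.
allow_vpn_forward() {
    # Replies to flows that were already accepted (the "both ways" part).
    ensure_rule FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ensure_rule FORWARD -p esp -j ACCEPT
    for port in 450 5000; do
        ensure_rule FORWARD -p udp --dport "$port" -j ACCEPT
    done
}

# Only needed when the VPN endpoint is the firewall box itself.
allow_vpn_input() {
    ensure_rule INPUT -p esp -j ACCEPT
}

allow_vpn_forward
```

Because `-A` appends to the end of the chain, these rules only take effect if no earlier rule already drops or rejects the traffic; `iptables -L FORWARD -n --line-numbers` shows the order.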

