Community Forum

Resolved
0 votes
Hi

I have a ClearOS Community 7.2 acting as gateway/firewall and DHCP server. On the LAN is a Windows AD and file server for some business applications.

I need to forward L2TP/IPsec to the Windows server through my gateway from external eth 'enp2s5' to an internal IP on the LAN, 192.168.x.y
According to Microsoft it requires forward of UDP 500, UDP 4500, but also protocol ESP (-p 50).

Is there someone that can help me with the necessary rules for the Custom Firewall?!


Thanks in advance

Sven
Tuesday, February 14 2017, 03:35 PM
Responses (3)
  • Accepted Answer

    Wednesday, February 15 2017, 11:01 AM - #Permalink
    Resolved
    0 votes
    I only said to try the rule for a protocol forward. I don't know if it works and can't test! ;)
  • Accepted Answer

    Wednesday, February 15 2017, 09:53 AM - #Permalink
    Resolved
    0 votes
    Thanks Nick.
    You were right.
    It worked without the protocol forward. The problem was likely my ClearOS at home that didn't pass through this VPN tunnel (I have a PPTP server and PPTP passthrough setup and it might conflict). When testing from a mobile network it worked fine with the UDP port forwards only.

    Still I learned how to do protocol forward. Thanks.

    /Sven
  • Accepted Answer

    Tuesday, February 14 2017, 05:42 PM - #Permalink
    Resolved
    0 votes
    Can you just use the port forward module for udp:500 and udp:4500? I am not sure about ESP. Normally in a NAT environment it gets encapsulated in a UDP packet on port 4500, so your port forward should take care of it. There is no way to do a port forward on protocol 50 as it does not have any port. Try first without anything.

    If it does not work, try from the command line
    iptables -I FORWARD -p 50 -i enp2s5 -d 192.168.x.y -j ACCEPT
    If that works and is needed, change "iptables" to "$IPTABLES" and put the rule in the custom firewall
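    As an added example (not code from this thread or from ClearOS itself), the script below generates the full set of custom-firewall rules Nick's answer describes: the two UDP port forwards plus the optional ESP (protocol 50) forward. The interface name enp2s5 comes from the question; the server address 192.168.1.10 is a constructed placeholder for the 192.168.x.y in the question; the DNAT rules in the nat PREROUTING chain are my assumption of what a port forward needs on a NAT gateway, not ClearOS's own generated rules. The script only prints the rules (using the $IPTABLES variable the custom firewall expects) so it can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: emit ClearOS custom-firewall rules that forward L2TP/IPsec
# (UDP 500 for IKE, UDP 4500 for NAT-T, and optionally ESP = IP protocol 50)
# from the WAN interface to an internal Windows RRAS server.
# Nothing here touches the running firewall; the rules are printed as text.

# ClearOS's custom firewall defines $IPTABLES; fall back to the plain command
# when run outside that context so the output is still readable.
IPTABLES="${IPTABLES:-\$IPTABLES}"

# ipsec_forward_rules WAN_IF SERVER_IP [ESP=yes|no]
#   Prints one rule per line. ESP forwarding is only needed when the
#   client is not behind NAT (with NAT-T, ESP rides inside UDP 4500).
ipsec_forward_rules() {
    wan="$1"
    srv="$2"
    esp="${3:-yes}"

    # Port forwards: DNAT on the WAN side plus an explicit FORWARD accept.
    # -I matches the thread's rule so the entries land ahead of the
    # generated ClearOS rules.
    for port in 500 4500; do
        echo "$IPTABLES -t nat -I PREROUTING -i $wan -p udp --dport $port -j DNAT --to-destination $srv:$port"
        echo "$IPTABLES -I FORWARD -i $wan -p udp -d $srv --dport $port -j ACCEPT"
    done

    # ESP has no port numbers, so it is a protocol forward rather than a
    # port forward; this mirrors the command from the accepted answer.
    if [ "$esp" = "yes" ]; then
        echo "$IPTABLES -t nat -I PREROUTING -i $wan -p 50 -j DNAT --to-destination $srv"
        echo "$IPTABLES -I FORWARD -p 50 -i $wan -d $srv -j ACCEPT"
    fi
}

# Convenience check used when reviewing the output: how many rules were built.
count_rules() {
    ipsec_forward_rules "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Constructed placeholders: enp2s5 is the WAN interface from the question,
# 192.168.1.10 stands in for the 192.168.x.y server address.
ipsec_forward_rules enp2s5 192.168.1.10 yes
```

    Run it once with the third argument set to no and try that smaller rule set first, as Nick suggests; only add the two protocol-50 lines if IKE negotiates but ESP traffic never arrives at the server.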