Re: Connection to SonicWall VPN through Linux IPTABLES Firewall/Proxy
comp.security.firewalls archive

From: <ajkessel@gmail.com>
Date: Wed Nov 23 2005 - 01:27:01 CET

Those are not really helpful suggestions. I have no choice about the
IPSec implementation I'm using. This particular SonicWall configuration
does not work with FreeS/WAN or OpenS/WAN. I spent several hours with
one of the OpenS/WAN developers and he was not able to figure it out.

Moreover, corporate policy would prohibit the arrangement you suggest.

When I was using a black-box DSL router, the NAT traversal worked fine
with no special configuration. With netfilter, packets are being
dropped in between mangle PREROUTING and nat PREROUTING even though the
connection shows up as tracked under /proc/net/ip_conntrack. My
question is how to debug the packets being dropped when (1) there is no
IPSec on the NAT box, (2) they do not show up as INVALID, (3) they *do*
show up in mangle PREROUTING, but (4) they do not show up in any other
chain or in tcpdump watching the LAN-facing Ethernet interface.
Received on Sat Dec 3 04:17:58 2005
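One way to pin down where the IKE/NAT-T packets vanish, as an added example that is not part of the original post: put iptables LOG rules at two checkpoints (here mangle PREROUTING and filter FORWARD, since the nat table is only consulted for the first packet of a tracked connection and so is a poor second checkpoint) and diff the kernel log per flow. The rule commands, prefixes, interface names and log lines below are all constructed for illustration.

```python
# Assumed LOG rules (UDP 500/4500 for IKE and NAT-T, protocol 50 for ESP):
#   iptables -t mangle -A PREROUTING -p udp -m multiport --dports 500,4500 \
#       -j LOG --log-prefix "MANGLE_PRE: "
#   iptables -t mangle -A PREROUTING -p 50 -j LOG --log-prefix "MANGLE_PRE: "
#   iptables -A FORWARD -p udp -m multiport --dports 500,4500 \
#       -j LOG --log-prefix "FORWARD: "
#   iptables -A FORWARD -p 50 -j LOG --log-prefix "FORWARD: "
# Flows logged at the first checkpoint but never at the second are the
# ones being lost in between.
import re
from collections import defaultdict

# Fields emitted by the netfilter LOG target; ESP lines carry no DPT.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S*)")

def parse_log_line(line, checkpoints):
    """Return (checkpoint, flow) for a netfilter LOG line, or None."""
    hit = [cp for cp in checkpoints if f"{cp}: " in line]
    if not hit:
        return None
    f = dict(FIELD.findall(line))
    if "SRC" not in f or "PROTO" not in f:
        return None
    flow = (f["SRC"], f.get("DST", ""), f["PROTO"], f.get("DPT", "-"))
    return hit[0], flow

def flows_lost_between(lines, first, second):
    """Flows seen at checkpoint `first` that never reached `second`,
    with the number of packets logged at `first`."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_log_line(line, (first, second))
        if parsed:
            cp, flow = parsed
            seen[flow][cp] += 1
    return sorted((flow, c[first]) for flow, c in seen.items()
                  if c[first] and not c[second])

# Constructed kernel log: IKE on UDP 500 gets forwarded, NAT-T (UDP 4500)
# and ESP are seen in mangle PREROUTING only.
SAMPLE_LOG = """\
kernel: MANGLE_PRE: IN=eth1 OUT= SRC=192.168.1.10 DST=203.0.113.5 TTL=64 PROTO=UDP SPT=500 DPT=500 LEN=128
kernel: FORWARD: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 TTL=63 PROTO=UDP SPT=500 DPT=500 LEN=128
kernel: MANGLE_PRE: IN=eth1 OUT= SRC=192.168.1.10 DST=203.0.113.5 TTL=64 PROTO=UDP SPT=4500 DPT=4500 LEN=80
kernel: MANGLE_PRE: IN=eth1 OUT= SRC=192.168.1.10 DST=203.0.113.5 TTL=64 PROTO=UDP SPT=4500 DPT=4500 LEN=80
kernel: MANGLE_PRE: IN=eth1 OUT= SRC=192.168.1.10 DST=203.0.113.5 TTL=64 PROTO=ESP SPI=0x1a2b3c4d
""".splitlines()

if __name__ == "__main__":
    for flow, count in flows_lost_between(SAMPLE_LOG, "MANGLE_PRE", "FORWARD"):
        print(f"lost after mangle PREROUTING: {flow} ({count} packets)")
```

Running it against the real kernel log (e.g. `dmesg` or /var/log/kern.log) on the NAT box shows which flows, by protocol and port, stop at the first checkpoint.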