iptables
Maxim Grishin, 2018-05-22 12:49:47

Iptables moves port 500 into the privileged range - how do I fix it?

I am checking the operation of an L2TP/IPsec VPN from inside the network on the firewall with tcpdump and see that, for some reason, the initial UDP-encapsulation packets started leaving with a strange port (48). I didn't change anything (c); after a couple of minutes the same client was already on the matching port (maybe there was still a connection from the inside?) and IPsec over NAT-T was built successfully. The question is: how can I force iptables to set the privileged port range to the normal one, so that there are no problems with several VPN clients behind one firewall? The NAT rule is as in the tutorial for a static IP:

iptables -t nat -A POSTROUTING -s 10.x.x.0/24 -o eth1 -j SNAT --to-source yy.yy.yy.yy


1 answer(s)
Vyacheslav Rakhinsky, 2018-05-22
@rakhinskiy

## Change source addresses to 1.2.3.4, ports 1-1023
# iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to 1.2.3.4:1-1023
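An added example, not part of the original question or answer: the answer's `--to 1.2.3.4:1-1023` shows the general syntax for pinning the SNAT source-port range, and the script below applies it to the IKE/NAT-T ports the question is actually about (UDP 500 and 4500), using an explicit range above 1023 so that a second client behind the same firewall is never translated into the low range. Netfilter's SNAT keeps the original source port when it is free and, on a collision, picks a replacement from the same class as the original (1-511 for ports below 512), which is how a second client's port 500 can come out as 48. The script also includes a small check that scans `tcpdump -n` style lines on the outside interface and reports translated source ports below 1024 other than 500. The interface name, LAN range, public IP and the capture lines are constructed placeholders, not values from the question.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed placeholder values:
# WAN interface eth1, LAN 10.0.0.0/24, public IP 203.0.113.10.

WAN_IF="eth1"
LAN_NET="10.0.0.0/24"
PUBLIC_IP="203.0.113.10"

# Print the SNAT rules: IKE/NAT-T (UDP 500 and 4500) get an explicit
# source-port range 1024-65535 so a collision is never resolved into 1-511;
# the generic catch-all rule from the question stays last.
snat_rules() {
    for port in 500 4500; do
        printf 'iptables -t nat -A POSTROUTING -s %s -o %s -p udp --dport %s -j SNAT --to-source %s:1024-65535\n' \
            "$LAN_NET" "$WAN_IF" "$port" "$PUBLIC_IP"
    done
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$LAN_NET" "$WAN_IF" "$PUBLIC_IP"
}

# Read tcpdump -n lines on stdin and print the source port of every packet
# leaving PUBLIC_IP whose translated source port is below 1024 but not 500
# (the symptom from the question). Returns 0 if none found, 1 otherwise.
find_privileged_src_ports() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            *"IP $PUBLIC_IP."*" > "*) ;;   # only packets sourced from our public IP
            *) continue ;;
        esac
        # Fields: "HH:MM:SS.uuuuuu IP src.port > dst.port: ..." -> $3 is src.port
        set -- $line
        src=$3
        port=${src##*.}
        case "$port" in
            ''|*[!0-9]*) continue ;;    # not a numeric port, skip
        esac
        if [ "$port" -lt 1024 ] && [ "$port" -ne 500 ]; then
            printf '%s\n' "$port"
            found=1
        fi
    done
    return $found
}

# Constructed sample capture (not a real capture): first client keeps port 500,
# second client's IKE was remapped to 48, then a NAT-T packet and a reply.
SAMPLE_CAPTURE='12:49:47.000001 IP 203.0.113.10.500 > 198.51.100.7.500: isakmp: phase 1 I ident
12:49:47.100002 IP 203.0.113.10.48 > 198.51.100.7.500: isakmp: phase 1 I ident
12:49:47.200003 IP 203.0.113.10.4500 > 198.51.100.7.4500: NONESP-encap: isakmp: phase 2/others I #6[E]
12:49:47.300004 IP 198.51.100.7.500 > 203.0.113.10.48: isakmp: phase 1 R ident'

# Usage when run directly: print the rules, then scan the sample capture.
# snat_rules
# printf '%s\n' "$SAMPLE_CAPTURE" | find_privileged_src_ports
```

The rules are printed rather than applied so they can be reviewed before being run as root; in a real deployment the two port-specific rules must come before the catch-all, and the check can be fed from `tcpdump -ni eth1 udp and src host 203.0.113.10` to confirm no client is being remapped into the low range.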
