Iptables – How to configure dd-wrt to forward IP Protocol ID 50 & 51 traffic to an internal machine

ip iptables linux-networking networking router

Please note, I'm not talking about TCP or UDP traffic, but rather IP traffic with protocol IDs 50 and 51.

The point of this being that I can then pass IPsec traffic through to the internal machine, where it would act as the VPN terminator.

Best Answer

The same way as any other forward:

root@lightning:~# iptables -t nat -A PREROUTING -p 50 -j DNAT --to 1.2.3.4
root@lightning:~# iptables -t nat -A PREROUTING -p 51 -j DNAT --to 1.2.3.4
root@lightning:~# iptables -t nat -L PREROUTING -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       esp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:1.2.3.4
    0     0 DNAT       ah   --  *      *       0.0.0.0/0            0.0.0.0/0            to:1.2.3.4
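A more complete version of the above, added here as an example and not part of the original answer. The two DNAT rules are enough to rewrite ESP and AH, but a pass-through IPsec terminator also needs IKE (UDP/500) and NAT-Traversal (UDP/4500) forwarded to it, an interface match so LAN-originated packets are not rewritten as well, and matching FORWARD rules in case the router's filter policy is not ACCEPT. The AH rule is kept for completeness, but AH authenticates the outer IP header, so a NAT that rewrites the destination address will make the receiver reject the packets; in practice only ESP survives DNAT. The WAN interface name `vlan2` and the internal address `192.168.1.10` are assumed placeholders, and `IPTABLES` can be set to `echo` to preview the commands instead of applying them:

```shell
#!/bin/sh
# Added example, not the original answer's code: emit and optionally apply
# the iptables rules that pass an IPsec tunnel through a dd-wrt router to
# an internal host. WAN interface and host address below are assumptions.
WAN_IF="${WAN_IF:-vlan2}"
VPN_HOST="${VPN_HOST:-192.168.1.10}"
IPTABLES="${IPTABLES:-iptables}"   # set to "echo" to preview only

# Print one iptables argument list per line for the given WAN interface and
# internal host. Matching on "-i $wan" keeps LAN->WAN traffic from being
# caught, which a bare "-p 50" PREROUTING rule would also rewrite.
ipsec_forward_rules() {
    wan="$1"; host="$2"
    # IKE: key exchange must reach the internal host before ESP/AH can flow.
    echo "-t nat -A PREROUTING -i $wan -p udp --dport 500 -j DNAT --to-destination $host:500"
    # NAT-Traversal: IKE and ESP wrapped in UDP once a NAT is detected.
    echo "-t nat -A PREROUTING -i $wan -p udp --dport 4500 -j DNAT --to-destination $host:4500"
    # ESP (IP protocol 50) does not cover the outer IP header, so DNAT is safe.
    echo "-t nat -A PREROUTING -i $wan -p 50 -j DNAT --to-destination $host"
    # AH (IP protocol 51) authenticates the outer header; rewriting the
    # destination breaks its integrity check. Kept only for completeness.
    echo "-t nat -A PREROUTING -i $wan -p 51 -j DNAT --to-destination $host"
    # Filter table: let the rewritten packets through even if FORWARD drops by default.
    echo "-A FORWARD -i $wan -d $host -p udp -m multiport --dports 500,4500 -j ACCEPT"
    echo "-A FORWARD -i $wan -d $host -p 50 -j ACCEPT"
    echo "-A FORWARD -i $wan -d $host -p 51 -j ACCEPT"
}

# Number of rules the generator produces, so callers can sanity-check the set.
ipsec_rule_count() {
    ipsec_forward_rules "$1" "$2" | wc -l | tr -d ' '
}

# Feed each generated rule to iptables (or to echo when previewing).
apply_rules() {
    ipsec_forward_rules "$WAN_IF" "$VPN_HOST" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word splitting into arguments is intended
        $IPTABLES $rule
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run `IPTABLES=echo sh ipsec-passthru.sh apply` first to review the exact commands, then put the script (or its output) into the firewall script dd-wrt runs at startup so the rules survive a reboot. If the tunnel only needs ESP, drop the two protocol 51 lines rather than leaving a rule in place that cannot work through NAT.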