# kernel dropping silently port forwarding on port 500 [SOLVED]

## OPelerin

Packets on port 53 are properly forwarded; same thing for port 6666.

```
ironmaiden tmp # iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT

ironmaiden tmp # iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 172.16.0.1
-A PREROUTING -p udp -m udp --dport 6666 -j DNAT --to-destination 172.16.0.1
-A PREROUTING -p udp -m udp --dport 500 -j DNAT --to-destination 172.16.0.1
-A PREROUTING -p udp -m udp --dport 4500 -j DNAT --to-destination 172.16.0.1
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/24 -o wlan0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
```

My kernel, 3.6.6, has IPsec built in.

The strongSwan service is stopped. How can I overcome this problem without disabling IPsec in my kernel? [The kernel is silently dropping UDP 500 instead of forwarding it.]

----------

## cach0rr0

For me, I had to disable my masquerading rules, as they screwed everything up,

and then let strongSwan do its own iptables configuration.

I don't have any definitive ideas. The doc is sparse, and this seems to be foreign territory. But once I nuked my masquerading rules and instead let strongSwan set up the networks (it actually does have the ability to modify iptables), things worked just dandy.

Don't know how helpful that is, YMMV.

----------

## OPelerin

Found the issue. It was because reverse path filtering checks were turned on. That was silently discarding the packets [I had asymmetric routing between wlan0 and eth0].

----------
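The root cause found above, reverse path filtering (rp_filter) dropping packets that arrive on one interface while the route back to their source points at another, can be confirmed and fixed from the shell without touching the IPsec kernel options. The script below is an added example written for this thread; it is not code from the original posts or from strongSwan. The interface names (eth0, wlan0, tun0), the sysctl values and the netstat counter values are constructed sample data that stand in for `sysctl net.ipv4.conf` and `cat /proc/net/netstat` on the real box.

```shell
#!/bin/sh
# Added example, not code from the thread: diagnose and relax the reverse
# path filter (rp_filter) that silently drops DNATed UDP/500 packets when
# routing is asymmetric.  Interface names and all sample data below are
# constructed for the demo.
#
# net.ipv4.conf.<if>.rp_filter: 0 = off, 1 = strict (drop unless the route
# back to the packet's source leaves via the ingress interface), 2 = loose
# (drop only if the source is reachable via no interface at all).  The
# kernel applies max(conf.all.rp_filter, conf.<if>.rp_filter).  With
# asymmetric routing (IKE arrives on wlan0 but the route to its source
# points at eth0) strict mode drops the packet during the routing decision,
# before any FORWARD rule sees it, so iptables counters never move.

# Read "key = value" lines (the format printed by `sysctl net.ipv4.conf`)
# on stdin; print each interface whose effective rp_filter is strict (1).
rp_strict_ifaces() {
    awk -F'[ =]+' '
        /^net\.ipv4\.conf\.[^.]+\.rp_filter/ {
            split($1, p, ".")
            v[p[4]] = $2 + 0
        }
        END {
            all = ("all" in v) ? v["all"] : 0
            for (i in v) {
                if (i == "all" || i == "default") continue
                eff = (v[i] > all) ? v[i] : all
                if (eff == 1) print i
            }
        }' | sort
}

# Read /proc/net/netstat on stdin; print the IPReversePathFilter counter.
# It increments once per packet rp_filter drops, so watch it while retrying
# the IKE exchange.  Prints "n/a" on kernels without the counter.
rp_drop_count() {
    awk '
        $1 == "TcpExt:" && !hdr { for (i = 2; i <= NF; i++) idx[$i] = i; hdr = 1; next }
        $1 == "TcpExt:" && hdr  {
            if ("IPReversePathFilter" in idx) print $(idx["IPReversePathFilter"])
            else print "n/a"
            exit
        }'
}

# Emit the sysctl commands that switch the given interfaces to loose mode.
# Loose mode keeps the anti-spoofing check (the source must be routable via
# some interface) while tolerating asymmetric routes; 0 turns it off entirely.
rp_relax_cmds() {
    for i in "$@"; do
        printf 'sysctl -w net.ipv4.conf.%s.rp_filter=2\n' "$i"
    done
}

# Constructed sample standing in for `sysctl net.ipv4.conf` output.
SAMPLE_SYSCTL='net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.wlan0.rp_filter = 1
net.ipv4.conf.tun0.rp_filter = 2'

# Constructed sample standing in for `cat /proc/net/netstat`.
SAMPLE_NETSTAT='TcpExt: SyncookiesSent SyncookiesRecv IPReversePathFilter TCPMemoryPressures
TcpExt: 0 0 17 0
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0'

echo "interfaces with strict rp_filter:"
printf '%s\n' "$SAMPLE_SYSCTL" | rp_strict_ifaces
echo "packets dropped by rp_filter so far: $(printf '%s\n' "$SAMPLE_NETSTAT" | rp_drop_count)"
echo "to fix without disabling the check entirely:"
rp_relax_cmds $(printf '%s\n' "$SAMPLE_SYSCTL" | rp_strict_ifaces)
```

On the live gateway, feed the functions real data (`sysctl net.ipv4.conf | rp_strict_ifaces`, `rp_drop_count < /proc/net/netstat`) and, for a single suspect peer, run `ip route get <peer-source-ip>`: if the `dev` it prints is not the interface the IKE packet arrived on, strict mode will drop that packet. Setting `net.ipv4.conf.all.log_martians=1` makes the drops visible in the kernel log as "martian source" messages instead of silent discards. Loose mode (2) is the usual choice on an IPsec gateway, since strongSwan's own policy routes can themselves make the reply path differ from the ingress interface.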

