kernel dropping silently port forwarding on port 500[SOLVED]

[OPelerin]

packets on port 53 are properly forwarded - same thing for port 6666

ironmaiden tmp # iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT

iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 172.16.0.1
-A PREROUTING -p udp -m udp --dport 6666 -j DNAT --to-destination 172.16.0.1
-A PREROUTING -p udp -m udp --dport 500 -j DNAT --to-destination 172.16.0.1
-A PREROUTING -p udp -m udp --dport 4500 -j DNAT --to-destination 172.16.0.1
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/24 -o wlan0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE


My kernel 3.6.6 has ipsec build in

Strongswan service is stopped. How can I overcome this problem without disabling ipsec in my kernel. [ kernel dropping silently udp 500 instead of forwarding]
_________________
Olivier PELERIN

[cach0rr0]

for me, i had to disable my masquerading rules, as they screwed everything up
and then let strongswan do its own iptables configuration.

i dont have any definitive ideas. doc is sparse, and this seems to be foreign territory. But once i nuked my masquerading rules, and instead let strongswap set up networks (it actually does have the ability to modify iptables), things worked just dandy.

Dont know how helpful that is, YMMV
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

[OPelerin]

Found the issue. It was because of Reverse Path forwarding checks turned on. That stuff was discarding silently the packet [ I had assymetric routing between Wlan and Eth0].
_________________
Olivier PELERIN