I have a Freeswan gateway setup which is also my firewall (IPTABLES). The people on the LAN network (192.168.1.0) can get to the POP3 server out on the Public internet when ipsec is off; but once it it is activated, they can no longer get POP3 mail.
This is what I have in my rc.firewall script to allow my LAN clients to get their POP3:
iptables -t nat -A POSTROUTING -p tcp --dport 110 -o eth0 -s 192.168.1.0/24 -j SNAT --to $external_ip
ALL my LAN clients are expected to be IPSEC clients as well with static IP addresses within this range 192.168.1.0
I wonder if there's something else that I need to touch to get around this.