Hello,
-pool isn't correct; try with --pol ipsec
> - The first one to allow flows from the lan of RUT 1 to the lan of RUT 2 and specifying the port number,
Be sure to have the correct values for "local subnet" and "remote subnet" in Connection Settings->General Settings
To allow only specific ports and ICMP:
iptables -A FORWARD -s lan1net/24 -d lan2net/24 -p tcp -m multiport --dports 5004,9080 -j ACCEPT
iptables -A FORWARD -s lan1net/24 -d lan2net/24 -p udp -m multiport --dports 5004,9080 -j ACCEPT
iptables -A FORWARD -s lan1net/24 -d lan2net/24 -p icmp -j ACCEPT
iptables -A FORWARD -s lan1net/24 -d lan2net/24 -j DROP
There may be a glitch in the default firewall; if the traffic doesn't flow as expected, add this rule on both sides:
iptables -t nat -I POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
Regards,
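The rule set from the reply above, as an added example that is not part of the original post: a small POSIX shell script that emits the FORWARD rules for one direction (ACCEPT lines first, the catch-all DROP last, since -A appends in order) plus the NAT-bypass rule for IPsec-policy traffic. It generalises the post slightly by taking source subnet, destination subnet and port list as arguments, so the same function produces the mirrored rules on the other router. The subnets and the `apply` mode are assumptions; the rules are only executed when you pass `apply` and run as root, otherwise they are printed for review.

```shell
#!/bin/sh
# Added example, not the original poster's script. Builds the iptables rules
# for an IPsec site-to-site link as text first, so the ordering is visible,
# and applies them only on request. Subnet values below are constructed.

LAN1="${LAN1:-192.168.1.0/24}"   # assumed: LAN behind RUT 1
LAN2="${LAN2:-192.168.2.0/24}"   # assumed: LAN behind RUT 2
PORTS="${PORTS:-5004,9080}"      # ports taken from the post

# forward_rules SRC DST PORTS
# Prints the four FORWARD rules for SRC -> DST: TCP and UDP to the listed
# ports, ICMP, and a final DROP. Because -A appends, the DROP must be emitted
# last or it would shadow the ACCEPT rules.
forward_rules() {
    src="$1"; dst="$2"; ports="$3"
    printf '%s\n' \
      "iptables -A FORWARD -s $src -d $dst -p tcp -m multiport --dports $ports -j ACCEPT" \
      "iptables -A FORWARD -s $src -d $dst -p udp -m multiport --dports $ports -j ACCEPT" \
      "iptables -A FORWARD -s $src -d $dst -p icmp -j ACCEPT" \
      "iptables -A FORWARD -s $src -d $dst -j DROP"
}

# nat_bypass_rule
# Prints the rule from the post that exempts packets matched by an IPsec
# policy from source NAT. Inserted at the top of POSTROUTING (-I) so it is
# evaluated before any existing MASQUERADE rule.
nat_bypass_rule() {
    printf '%s\n' \
      "iptables -t nat -I POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT"
}

# all_rules SRC DST PORTS
# Full rule list for one router: forwarding rules followed by the NAT bypass.
all_rules() {
    forward_rules "$1" "$2" "$3"
    nat_bypass_rule
}

# apply_rules SRC DST PORTS
# Executes each emitted line. Refuses to run unless root, since iptables
# would fail anyway and a half-applied rule set is worse than none.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must run as root" >&2
        return 1
    fi
    all_rules "$1" "$2" "$3" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || { echo "failed: $cmd" >&2; return 1; }
    done
}

main() {
    case "${1:-print}" in
        apply) apply_rules "$LAN1" "$LAN2" "$PORTS" ;;
        *)     all_rules   "$LAN1" "$LAN2" "$PORTS" ;;
    esac
}

main "$@"
```

On RUT 1 the printed rules are the ones from the post; on RUT 2 swap the arguments (`forward_rules "$LAN2" "$LAN1" "$PORTS"`) to permit the return direction, and add the NAT-bypass line on both sides as the reply suggests. Review the printed output before running with `apply`.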