[Openswan Users] Iptables recommendation for roadwarrior

Chris Zimmerman czimmer at wczimmerman.dyndns.org
Fri Aug 15 13:53:23 EDT 2008


So, if a roadwarrior is running a Linux laptop with iptables, what would be
a good recommendation to secure the device against those on the network
(Internet or local LAN) using that device as a router (since ip_forward
has to be enabled anyway)? The device would not do NAT, so it would be a
straight connection for the tunnel. I've looked at the examples in the book,
which assume a known IP for both ends. I could just leave off the local IP
and have the INPUT and OUTPUT chains specify only the remote end (known
IP). Would this be adequate?

I don't want someone setting up a route to use the network interface of the
Linux machine to then hop through the tunnel and onto a secure internal
network.
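
The following is an added example, not part of the original post or of Openswan's documentation. Packets that another host routes via the laptop traverse only the FORWARD chain of the filter table, never INPUT or OUTPUT, so this sketch drops and logs everything in FORWARD while INPUT admits IKE and ESP only from the known gateway. The function name, the gateway address 203.0.113.10 and the interface name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (constructed, not from the thread). Prints an iptables-restore
# ruleset for a roadwarrior whose own address is unknown and whose VPN gateway
# address is known. Nothing is applied; as root, pipe the output to
# "iptables-restore --test" to syntax-check it before loading.

roadwarrior_rules() {
    gw="$1"       # known public IP of the VPN gateway
    wan_if="$2"   # interface facing the untrusted network

    # Basic input checks so odd arguments never end up inside a rule.
    case "$gw" in
        ''|*[!0-9.]*) echo "bad gateway IP: $gw" >&2; return 1 ;;
    esac
    case "$wan_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
# No accept rule in FORWARD: the laptop routes for nobody, even with
# ip_forward=1. Its own tunnel traffic uses OUTPUT, not FORWARD.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the laptop started (inside or outside the tunnel).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# IKE and ESP are accepted from the gateway only; no local IP is named.
-A INPUT -i $wan_if -s $gw -p udp --dport 500 -j ACCEPT
-A INPUT -i $wan_if -s $gw -p esp -j ACCEPT
# Rate-limited log of attempts to route through the laptop, then policy DROP.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fwd-drop: "
COMMIT
EOF
}

# Stand-alone use: sh roadwarrior.sh 203.0.113.10 wlan0
if [ "$#" -eq 2 ]; then
    roadwarrior_rules "$1" "$2"
fi
```

OUTPUT is left at ACCEPT here so DHCP and DNS keep working on unknown networks; connections initiated from the internal network toward the laptop are not admitted by this ruleset.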