[Openswan Users] Iptables problem (netkey)

Michael Schwartzkopff misch at multinet.de
Wed Jan 9 10:22:25 EST 2008


On Wednesday, 9 January 2008 16:18, Arn Vollebregt wrote:
> > -----Original Message-----
> > From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> > Behalf Of Nicole Hähnel
> >
> > Until now we have added iptables rules on interface ipsec0 to accept traffic
> > between networks.
> > Without an ipsec interface it is a little bit difficult to add rules.
>
> You might want to look at the ipsec policy in iptables, which will do what
> you want
>
> Regards,
>
> Arn Vollebregt
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

Sample:
# forwarded packets that came in on eth0 and will be IPsec-encrypted on the way out
iptables -A FORWARD -i eth0 -m policy --dir out --pol ipsec -j VPN_IN
iptables -A VPN_IN -i eth0 -d <your_server> -p tcp --dport 110 -m state --state NEW -j ACCEPT
iptables -A VPN_IN -i eth0 -j DROP

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: misch at multinet.de
web: www.multinet.de

Registered office: 85630 Grasbrunn
Register court: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
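A fuller version of the policy-match approach Arn and Michael describe, as an added example that is not part of the original thread or of Openswan itself. It generates an iptables-restore ruleset for a NETKEY gateway: decrypted packets re-enter netfilter with their original input interface, so `-i eth0 -m policy --dir in --pol ipsec` picks out what used to appear on ipsec0, and `--dir out --pol ipsec` picks out what the kernel will encrypt (`--dir in` is only valid in PREROUTING, INPUT and FORWARD, `--dir out` only in FORWARD, OUTPUT and POSTROUTING). The two `--pol none` drops matter on NETKEY: without an ipsec0 interface, traffic between the two subnets would be forwarded in the clear if the tunnel is down or a conn is misconfigured. The interface name eth0, the subnets and the POP3 server address are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates an iptables-restore
# ruleset that filters IPsec traffic with the policy match instead of ipsec0.
# All names and addresses below are assumptions for illustration.
WAN_IF="${WAN_IF:-eth0}"                  # interface carrying IKE/ESP
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # local side of the tunnel
REMOTE_NET="${REMOTE_NET:-10.0.0.0/24}"   # remote side of the tunnel
POP_SERVER="${POP_SERVER:-192.168.1.10}"  # host behind this gateway, reachable on tcp/110

# gen_rules prints a filter-table ruleset in iptables-restore format.
gen_rules() {
    cat <<EOF
*filter
:VPN_IN - [0:0]
:VPN_OUT - [0:0]
# IKE and ESP must reach the gateway itself, or no SA is ever negotiated.
-A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT
-A INPUT -i $WAN_IF -p udp --dport 4500 -j ACCEPT
-A INPUT -i $WAN_IF -p esp -j ACCEPT
# Packets that arrived on $WAN_IF and were decrypted by the kernel: this is
# what used to show up on ipsec0.
-A FORWARD -i $WAN_IF -m policy --dir in --pol ipsec -j VPN_IN
# Packets the kernel will encrypt on the way out.
-A FORWARD -o $WAN_IF -m policy --dir out --pol ipsec -j VPN_OUT
# No ipsec0 means no implicit black hole: traffic between the two networks that
# is not covered by an IPsec policy must be dropped, not forwarded in the clear.
-A FORWARD -s $REMOTE_NET -d $LAN_NET -m policy --dir in --pol none -j DROP
-A FORWARD -s $LAN_NET -d $REMOTE_NET -m policy --dir out --pol none -j DROP
# Decrypted traffic from the remote site: only POP3 to one server.
-A VPN_IN -m state --state ESTABLISHED,RELATED -j ACCEPT
-A VPN_IN -s $REMOTE_NET -d $POP_SERVER -p tcp --dport 110 -m state --state NEW -j ACCEPT
-A VPN_IN -j DROP
# Traffic about to be encrypted: anything from the local net to the remote net.
-A VPN_OUT -s $LAN_NET -d $REMOTE_NET -j ACCEPT
-A VPN_OUT -j DROP
COMMIT
EOF
}

# count_rules returns the number of -A lines, handy for a sanity check before loading.
count_rules() {
    gen_rules | grep -c '^-A '
}

case "${1:-}" in
    --apply) gen_rules | iptables-restore ;;   # needs root and the xt_policy module
    *)       gen_rules ;;                      # dry run: review the rules first
esac
```

Run it without arguments to review the generated ruleset, then with `--apply` to load it through iptables-restore; the `--pol none` drops are the part that a KLIPS ipsec0 setup gave you for free and a NETKEY setup does not.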

