[Openswan Users] ipsec gatway firewal guidance

sibu sibxol at btconnect.com
Fri Mar 22 19:37:42 UTC 2013


I am trying to configure IPtables on a  ppp gateway (ppp1  ipaddress = 
$pppIP).  I have tunnelled ssh packets  to  FORWARD to a host ( 
 of address   $SOMEHOST_IP},  On the gateway firewall,  do I need rules like 

iptables -A INPUT \
-i ppp1 \
--match policy \
--pol ipsec \
--dir in \
-s $pppIP \

iptables -A OUTPUT \
-o ppp1 \
--match policy \
--pol ipsec \
--dir out \
-d $pppGW \

Now, because the packets are to be fowarded,  can I leave out the following?

--match-policy \
--pol ipsec \
--dir out/out 

And ALSO  because the packets are to be fowarded do I need prerouting rules 
and if I do  what might this be to preroute  tunneled ssh to $SOMEHOST_IP

thanks in advance


More information about the Users mailing list