[Openswan Users] ipsec gateway firewall guidance
sibu
sibxol at btconnect.com
Fri Mar 22 19:37:42 UTC 2013
Greetings
I am trying to configure IPtables on a ppp gateway (ppp1 IP address =
$pppIP). I have tunnelled ssh packets to FORWARD to a host
(of address $SOMEHOST_IP). On the gateway firewall, do I need rules like
these?
iptables -A INPUT \
    -i ppp1 \
    --match policy \
    --pol ipsec \
    --dir in \
    -s $pppIP \
    -d $SOMEHOST_IP

iptables -A OUTPUT \
    -o ppp1 \
    --match policy \
    --pol ipsec \
    --dir out \
    -d $pppGW \
    -s $SOMEHOST_IP
Now, because the packets are to be forwarded, can I leave out the following?
--match-policy \
--pol ipsec \
--dir out/out
And ALSO, because the packets are to be forwarded, do I need prerouting rules,
and if I do, what might this be to preroute tunneled ssh to $SOMEHOST_IP?
thanks in advance
sincerely
sibu