[Openswan Users] ipsec gateway firewall guidance

Willie Gillespie wgillespie+openswan at es2eng.com
Fri Mar 22 19:58:22 UTC 2013


You'll probably actually want to look at the FORWARD chain rather than 
the INPUT or OUTPUT chains.
Although, if you SSH into the gateway and then that daemon is forwarding 
the packets, then you'll need an INPUT for the SSH packets and an OUTPUT 
for wherever it's going.


On 03/22/2013 01:37 PM, sibu wrote:
> Greetings
>
> I am trying to configure iptables on a ppp gateway (ppp1 IP address =
> $pppIP). I have tunnelled SSH packets to FORWARD to a host (of address
> $SOMEHOST_IP). On the gateway firewall, do I need rules like these?
>
> iptables -A INPUT \
> -i ppp1 \
> --match policy \
> --pol ipsec \
> --dir in \
> -s $pppIP \
> -d $SOMEHOST_IP \
> -j ACCEPT
>
>
> iptables -A OUTPUT \
> -o ppp1 \
> --match policy \
> --pol ipsec \
> --dir out \
> -d $pppGW \
> -s $SOMEHOST_IP \
> -j ACCEPT
>
>
> Now, because the packets are to be forwarded, can I leave out the following?
>
> --match policy \
> --pol ipsec \
> --dir in/out
>
>
> And ALSO, because the packets are to be forwarded, do I need PREROUTING rules,
> and if I do, what might these be to preroute tunnelled SSH to $SOMEHOST_IP?
>
> thanks in advance
>
> sincerely
> sibu
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
>
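The FORWARD-versus-INPUT split Willie describes, as a concrete rule set. This is an added example, not code from the thread or from Openswan; the interface name, the internal host address and the IPTABLES dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): FORWARD-chain rules for SSH that arrives on ppp1
# inside an IPsec tunnel and is forwarded to an internal host. The interface name, the
# internal address and the IPTABLES dry-run hook are assumptions.
set -eu

IPTABLES="${IPTABLES:-iptables}"         # set IPTABLES=echo to print rules instead of loading them
PPP_IF="${PPP_IF:-ppp1}"                 # assumed external interface
SOMEHOST_IP="${SOMEHOST_IP:-10.0.1.20}"  # assumed internal SSH host (constructed address)

# Packets the kernel has decapsulated from an IPsec SA and routed onward traverse
# FORWARD, not INPUT/OUTPUT, so the ipsec policy match belongs on FORWARD rules.
ipsec_ssh_forward_rules() {
    # Inbound: SSH to the internal host only if the packet came out of an IPsec SA
    $IPTABLES -A FORWARD -i "$PPP_IF" -m policy --pol ipsec --dir in \
        -p tcp --dport 22 -d "$SOMEHOST_IP" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    # Return path: replies leave ppp1 only if they will be protected by an IPsec SA
    $IPTABLES -A FORWARD -o "$PPP_IF" -m policy --pol ipsec --dir out \
        -p tcp --sport 22 -s "$SOMEHOST_IP" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # Plaintext SSH toward the same host arriving on ppp1 is dropped
    $IPTABLES -A FORWARD -i "$PPP_IF" -p tcp --dport 22 -d "$SOMEHOST_IP" -j DROP
    # IKE (UDP 500/4500) and ESP terminate on the gateway itself, so they need INPUT rules
    $IPTABLES -A INPUT -i "$PPP_IF" -p udp -m multiport --dports 500,4500 -j ACCEPT
    $IPTABLES -A INPUT -i "$PPP_IF" -p esp -j ACCEPT
}

# Number of rules the set appends to a given chain; used to check the dry-run output
count_chain_rules() {
    IPTABLES=echo ipsec_ssh_forward_rules | grep -c -- "-A $1"
}

# Stand-alone run prints the rules; pass --apply to load them for real (needs root)
if [ "${1:-}" != "--apply" ]; then IPTABLES=echo; fi
ipsec_ssh_forward_rules
```

No nat-table PREROUTING rule is needed merely to forward the decrypted packets; routing plus net.ipv4.ip_forward=1 does that, and DNAT is only required if the destination address has to be rewritten on the gateway.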

