[Openswan Users] ipsec gateway firewall guidance
Willie Gillespie
wgillespie+openswan at es2eng.com
Fri Mar 22 19:58:22 UTC 2013
You'll probably actually want to look at the FORWARD chain rather than
the INPUT or OUTPUT chains.
Although, if you SSH into the gateway and then that daemon is forwarding
the packets, then you'll need an INPUT for the SSH packets and an OUTPUT
for wherever it's going.
On 03/22/2013 01:37 PM, sibu wrote:
> Greetings
>
> I am trying to configure IPtables on a ppp gateway (ppp1 ipaddress =
> $pppIP). I have tunnelled ssh packets to FORWARD to a host
> (of address $SOMEHOST_IP). On the gateway firewall, do I need rules like
> these?
>
> iptables -A INPUT \
> -i ppp1 \
> --match policy \
> --pol ipsec \
> --dir in \
> -s $pppIP \
> -d $SOMEHOST_IP \
>
>
> iptables -A OUTPUT \
> -o ppp1 \
> --match policy \
> --pol ipsec \
> --dir out \
> -d $pppGW \
> -s $SOMEHOST_IP \
>
>
> Now, because the packets are to be forwarded, can I leave out the following?
>
> --match policy \
> --pol ipsec \
> --dir in/out
>
>
> And ALSO, because the packets are to be forwarded, do I need prerouting rules,
> and if I do, what might this be to preroute tunneled ssh to $SOMEHOST_IP?
>
> thanks in advance
>
> sincerely
> sibu
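The reply's point, as an added example that is not part of either poster's message: forwarded tunnel traffic is filtered in FORWARD, and the `policy` match confirms it really came through IPsec. The function only prints the rules for review; `ppp1` is from the thread, while the function name, the address 192.0.2.10, port 22 and the use of the NETKEY stack (where decapsulated packets keep the physical interface) are assumptions.

```shell
#!/bin/sh
# Added example: print FORWARD-chain rules for SSH that arrives through an
# IPsec tunnel on the gateway and is forwarded to an internal host.
# Nothing is applied here; review the output before loading it as root.

# forward_rules IFACE HOST_IP [PORT]   (hypothetical helper)
#   IFACE   - interface the tunnel traffic arrives on (ppp1 in the thread)
#   HOST_IP - internal SSH host, standing in for $SOMEHOST_IP
#   PORT    - destination port, default 22 (assumption)
forward_rules() {
    iface=$1 host=$2 port=${3:-22}

    # Accept only a plain interface name, IPv4 address and numeric port,
    # so the printed rules cannot carry extra shell words.
    case $iface in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $host  in ''|*[!0-9.]*)         echo "bad host" >&2; return 1;; esac
    case $port  in ''|*[!0-9]*)          echo "bad port" >&2; return 1;; esac

    # Towards the host: accept only packets that were decapsulated by IPsec.
    echo "iptables -A FORWARD -i $iface -d $host -p tcp --dport $port" \
         "-m policy --pol ipsec --dir in" \
         "-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"

    # Replies from the host: accept only if they will be encapsulated again.
    echo "iptables -A FORWARD -o $iface -s $host -p tcp --sport $port" \
         "-m policy --pol ipsec --dir out" \
         "-m conntrack --ctstate ESTABLISHED -j ACCEPT"

    # The same destination reached in the clear (no IPsec policy) is dropped.
    echo "iptables -A FORWARD -i $iface -d $host -p tcp --dport $port" \
         "-m policy --pol none --dir in -j DROP"
}

# Constructed sample values
forward_rules ppp1 192.0.2.10 22
```

SSH sessions that terminate on the gateway itself are a separate case and still need INPUT/OUTPUT rules, as the reply notes.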