[Openswan Users] iptables -d dilema for ipsec(ed) firewall question

sibu sibxol at btconnect.com
Fri Mar 29 22:27:01 UTC 2013


Suppose I have a computer  with network-interfaces ppp+ and eth0 of fixed  
address say ,

I have IPsec traffic coming through the ppp0 interface which I want to send to 
another network. to which eth0 is attached.  Suppose this other network sits 
on a subnet.  In my IPtables script (for the computer with the ppp+ 
interface ), could I have a line such as the following  therein:-

iptables \
--append INPUT \
--match policy \
--pol ipsec \
--dir in \
--in-interface ppp0 \

though I do not have the subnet  on this  machine ?

Alternatively If this is not possible is there a way to mark the packets  to 
identify their destination prior to sending them on?
Advice would be appreciated


More information about the Users mailing list