[strongSwan] iptables_ipsec howto
lux-integ
lux-integ at btconnect.com
Fri Mar 22 00:10:59 CET 2013
Greetings,
I am trying to get my head round iptables-scripts for IPsec. Take the
prototype example of ssh tunnelled from a source over the internet through a
ppp gateway to some machine (${SOMEMachine}). Of the A, B, C and D examples
(for the gateway firewall) below, which, if any, would be the best iptables
script?
######### A ############
iptables -A INPUT -p tcp \
-s 0/0 \
-d 0/0 \
--dport 22 \
-j ACCEPT # tunnel ssh
###### B ###########
iptables -A INPUT -p tcp \
-s 0/0 \
-d ${SOMEMachine} \
--dport 22 \
-m mark \
--mark 50 \
-j ACCEPT # tunnel ssh
###### C ########
iptables -A INPUT -p tcp \
--match policy \
--pol ipsec \
--dir in \
--mode tunnel \
-s ppp1_IPaddress \
-d ${SOMEMachine} \
--dport 22 \
-j ACCEPT # tunnel ssh
###### D ########
iptables -A INPUT -p tcp \
--match policy \
--pol ipsec \
--dir in \
--mode tunnel \
-s ppp1_IPaddress \
-d ${SOMEMachine} \
--dport 22 \
-m mark \
--mark 50 \
-j ACCEPT # tunnel ssh
thanks in advance
sincerely
luxInteg
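As an added illustration of the policy-match approach in variant C (example script, not from the original post or from strongSwan): a POSIX sh function that emits the gateway rules restricting SSH to traffic decapsulated from the IPsec tunnel, together with the IKE/ESP rules the tunnel itself needs; the peer and host addresses are constructed placeholders, and IPT defaults to echo so the rules can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not from the original post: emit the gateway rules that let
# SSH in only when the packet was decapsulated from an IPsec tunnel, using the
# xt_policy match of the post's variant C plus the IKE/ESP rules the tunnel
# itself needs. IPT defaults to "echo" so the ruleset can be reviewed without
# touching a live firewall; run with IPT=iptables to apply it. The peer and
# host addresses passed in below are constructed placeholders.
IPT="${IPT:-echo}"

# Usage: ipsec_ssh_rules <peer-gateway-ip> <ssh-host-ip> [chain]
# chain is INPUT when the SSH host is the gateway itself (as in the post),
# FORWARD when it sits behind the gateway.
ipsec_ssh_rules() {
    peer="$1"; host="$2"; chain="${3:-INPUT}"

    # IKE (UDP 500, and 4500 for NAT-T) and ESP arrive in the clear on INPUT;
    # without them no SA is ever negotiated, whatever the SSH rule says.
    $IPT -A INPUT -p udp -s "$peer" --dport 500 -j ACCEPT
    $IPT -A INPUT -p udp -s "$peer" --dport 4500 -j ACCEPT
    $IPT -A INPUT -p esp -s "$peer" -j ACCEPT

    # Accept SSH only if the kernel matched it to an inbound tunnel-mode SA
    # whose outer source was the peer (--tunnel-src). A plain "-s" on the
    # inner address (variants A/B) says nothing about how the packet arrived.
    $IPT -A "$chain" -p tcp -d "$host" --dport 22 \
        -m policy --pol ipsec --dir in --mode tunnel --tunnel-src "$peer" \
        -j ACCEPT

    # The same flow arriving with no IPsec policy at all is dropped explicitly,
    # so a later permissive rule cannot let cleartext SSH through.
    $IPT -A "$chain" -p tcp -d "$host" --dport 22 \
        -m policy --pol none --dir in -j DROP
}

# Dry run with constructed addresses (RFC 5737 documentation ranges).
ipsec_ssh_rules 203.0.113.1 192.0.2.10
```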