[strongSwan] Strongswan on gateway IPtables guidance
lux-integ
lux-integ at btconnect.com
Fri Mar 22 18:22:59 CET 2013
Greetings
I am trying to configure IPtables on a strongswan-installed ppp gateway (ppp1
ipaddress = $pppIP). I have tunnelled ssh packets to FORWARD to a host
(call this IP $SOMEHOST_IP).
Question: on the gateway firewall, do I need these:-
iptables -A INPUT \
  -i ppp1 \
  --match policy \
  --pol ipsec \
  --dir in \
  -s $pppIP \
  -d $SOMEHOST_IP

iptables -A OUTPUT \
  -o ppp1 \
  --match policy \
  --pol ipsec \
  --dir out \
  -d $pppGW \
  -s $SOMEHOST_IP

Now, because the packets are to be forwarded,
can I leave out the following:-
  --match policy \
  --pol ipsec \
  --dir out/out
??
And ALSO, because the packets are to be forwarded, do I need prerouting rules,
and if I do, what might this be to preroute tunneled ssh to $SOMEHOST_IP?
thanks in advance
sincerely
luxInteg
PS: and another thing:- this reqid 1, reqid 2 I see cropping up in
strongswan IPtables scripts
- how is this determined?
(and I have read the manpage of iptables)
sincerely
LuxInteg