[strongSwan] Strongswan on gateway IPtables guidance

lux-integ lux-integ at btconnect.com
Fri Mar 22 18:22:59 CET 2013


I am trying to configure IPtables on a strongswan-installed ppp gateway (ppp1 
ipaddress = $pppIP). I have tunnelled ssh packets to FORWARD to a host 
(call this IP $SOMEHOST_IP).

--question:: on the gateway firewall,  do I need these:-

iptables -A INPUT \
-i ppp1 \
--match policy \
--pol ipsec \
--dir in \
-s $pppIP

iptables -A OUTPUT \
-o ppp1 \
--match policy \
--pol ipsec \
--dir out \
-d $pppGW

Now, because the packets are to be forwarded, 
can I leave out the following:-

--match policy \
--pol ipsec \
--dir out/out


And ALSO, because the packets are to be forwarded, do I need prerouting rules, 
and if I do, what might this be to preroute tunneled ssh to $SOMEHOST_IP?

thanks in advance

ps and another thing:- this reqid 1, reqid 2 I see cropping up in 
strongswan IPtables scripts 
- how is this determined?
(and I have read the manpage of iptables)

