[strongSwan] $PLUTO_HOST_ACCESS variable
Vukovics Mihály
vm at informatik.hu
Mon Oct 3 11:53:12 CEST 2016
Hello,
I am trying to fix that issue, that the responder works as a gateway and
and a server, thus not only the FORWARD rules needs to be added but the
INPUT rules also. The pluto interface(eth1) has only SSH/IPSEC ports
enabled, other services listening on another interface(eth0).
The packects coming from the RW not accepted (eth1), and want to add
dynamic rules as the FORWARDs.
So I was checking default updown script invoked by leftfirewall and
found that $PLUTO_HOST_ACCESS variable is used some times, but not
initialized in the script.
if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
then
iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-s $PLUTO_MY_CLIENT $S_MY_PORT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
Where from is getting its value?
--
Tisztelettel:
Vukovics Mihály
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161003/678e0483/attachment.html>
More information about the Users
mailing list