
[Users] Interactions between FreeSwan and iptables?

From: David Gressett (gresset1_at_airmail.net)
Date: Mon May 13 2002 - 18:19:37 CEST


I need a good iptables configuration for my Freeswan rig. I have all
private subnets (192.168.X.X) on both ends of my VPN tunnel, which works
fine. I have IP masquerading turned on. Both ends are running Red Hat Linux
with kernel 2.4.8 and Freeswan 1.91 and are connected to the Internet with
a Cyclades PC300 T1 interface.

The VPN tunnel works fine. I have two left subnets, 192.168.0.0/24 and
192.168.5.0/24, at one end of my tunnel, and one subnet, 192.168.4.0/24, at
the right end. The 192.168.0.0/4 net routinely communicates with
192.168.4.0/24.

192.168.5.0/24 never needs to communicate with the other two subnets; it
should be prevented from doing so.

I want to do the following in my iptables config:

The left subnet 192.168.0.0/24 should communicate only with the right
subnet 192.168.4.0/24 by secure VPN connection. Both ends should only be
able to see the other subnet and have no access of any kind to the
Internet at large, nor should anybody out on the Internet be able to see them.

192.168.5.0/24 needs to have general access; it is masqueraded, but never
uses the VPN. It needs to be protected from unsolicited access from the
outside; it should not have any access to the VPN tunnel.

Currently, 192.168.5.0/24 can't see the Internet at all. It worked fine
before I got FreeSwan running, but now it can't see anything but the
FreeSwan machine.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
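The policy described in the message above, written out as an iptables rule set for the left-hand gateway. This is an added example, not code from the original post or from the FreeS/WAN project, and it assumes interface names the post does not give: eth0 is the T1 (public) side, eth1 carries 192.168.0.0/24, eth2 carries 192.168.5.0/24, and ipsec0 is the KLIPS virtual interface that FreeS/WAN 1.x layers on top of eth0. The right-hand gateway uses the same script with the two VPN subnets swapped and no masqueraded LAN.

```shell
#!/bin/sh
# Added example (not from the original post or from FreeS/WAN): iptables
# rules for a FreeS/WAN 1.x (KLIPS) gateway on a 2.4 kernel implementing
# the policy from the message. Interface names below are assumptions.

WAN=eth0                 # T1 / Internet side
LAN_VPN=eth1             # 192.168.0.0/24, tunnel-only hosts
LAN_NAT=eth2             # 192.168.5.0/24, masqueraded hosts
IPSEC=ipsec0             # KLIPS tunnel interface layered on $WAN
VPN_LOCAL=192.168.0.0/24
VPN_REMOTE=192.168.4.0/24
NAT_NET=192.168.5.0/24

# With DRY_RUN=1 the commands are printed instead of executed, so the
# rule set can be reviewed (and tested) without root or a live gateway.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_rules() {
    ipt -F INPUT
    ipt -F FORWARD
    ipt -t nat -F POSTROUTING
    ipt -P INPUT DROP
    ipt -P FORWARD DROP

    # Gateway itself: loopback, replies, the LANs, and the IPsec protocols
    # on the WAN side (IKE on UDP/500, ESP is IP protocol 50) so the
    # tunnel can be negotiated and carried.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$WAN" -p udp --dport 500 -j ACCEPT
    ipt -A INPUT -i "$WAN" -p 50 -j ACCEPT
    ipt -A INPUT -i "$LAN_VPN" -j ACCEPT
    ipt -A INPUT -i "$LAN_NAT" -j ACCEPT

    # Forwarded traffic: replies to anything already allowed.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 192.168.0.0/24 <-> 192.168.4.0/24, and only through the tunnel
    # interface. Nothing else is accepted for eth1, so those hosts never
    # reach eth0 (the Internet) or eth2 (192.168.5.0/24): the FORWARD
    # policy of DROP takes care of every other combination.
    ipt -A FORWARD -i "$LAN_VPN" -o "$IPSEC" -s "$VPN_LOCAL" -d "$VPN_REMOTE" -j ACCEPT
    ipt -A FORWARD -i "$IPSEC" -o "$LAN_VPN" -s "$VPN_REMOTE" -d "$VPN_LOCAL" -j ACCEPT

    # 192.168.5.0/24: explicitly kept out of the tunnel in both directions,
    # otherwise allowed to open connections to the Internet via eth0.
    ipt -A FORWARD -i "$LAN_NAT" -o "$IPSEC" -j DROP
    ipt -A FORWARD -i "$IPSEC" -o "$LAN_NAT" -j DROP
    ipt -A FORWARD -i "$LAN_NAT" -o "$WAN" -s "$NAT_NET" -m state --state NEW -j ACCEPT

    # Masquerade only the general-access subnet, and only on the physical
    # WAN interface. Tunnel traffic leaves through ipsec0 with its private
    # source address intact, which is the address the remote end's tunnel
    # definition is written for.
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$NAT_NET" -j MASQUERADE
}

case "${1:-}" in
    show)  DRY_RUN=1 build_rules ;;   # print the rules for review
    apply) build_rules ;;             # load them (run as root)
esac
```

Run it once with `show` and read the printed rules against the three requirements before running `apply` as root; keeping the MASQUERADE rule restricted to `-s 192.168.5.0/24 -o eth0` is what stops the tunnel subnet from ever being NATed onto the Internet.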



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST