Still VPN




Hi, still trying to understand one thing. I would definitely like to 
tell iptables to accept all packets coming from the remote VPN only if they 
hit the $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not working; 
it looks like the ipsec0 device doesn't exist or is not recognized. I read on 
the Openswan users list that the Linux kernel 2.6 native IPsec doesn't create 
an ipsec* interface (if I am not wrong this is something backported to 
the kernel 2.4 of RHEL3); it just adds a route to the remote network through eth0, so if 
I want to ssh to the VPN server on its internal IP from the other side of 
the VPN I need

$IPTABLES -A INPUT -i $EXTIF -s $MYEXTNETWORK -d $INTIP -p tcp -m tcp --dport 22 -j ACCEPT

and the same is true for any other rule in which I would have used ipsec0: I have to use 
$EXTIF.

Even if I am going to set sshd to listen on a different port, I am a 
little worried this could harm my machine in any way.

Comments are welcome

Have a nice day
Simone
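The concern in the post is that a rule matching on $EXTIF alone cannot tell a decapsulated IPsec packet from a cleartext packet that merely arrived on eth0 with a source address inside $MYEXTNETWORK. On 2.6 native IPsec the replacement for "-i ipsec0" is the iptables policy match (xt_policy), which matches packets according to the IPsec SA they were decapsulated from. The script below is an added example, not code from the original post or from Openswan; it reuses the post's variable names ($IPTABLES, $EXTIF, $MYEXTNETWORK, $INTIP) with constructed sample values and prints the commands by default (DRY_RUN=1) so it can be reviewed without root.

```shell
#!/bin/sh
# Added example. Dry-run by default: prints the iptables commands instead of
# executing them. Set DRY_RUN=0 and run as root to actually load the rules.

DRY_RUN=${DRY_RUN:-1}
IPTABLES=${IPTABLES:-iptables}
EXTIF=${EXTIF:-eth0}                        # constructed: external interface
MYEXTNETWORK=${MYEXTNETWORK:-10.10.0.0/24}  # constructed: remote VPN subnet
INTIP=${INTIP:-192.168.1.1}                 # constructed: server's internal address

# Run or echo an iptables command depending on DRY_RUN.
run_iptables() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# The rule as written in the post. It matches only on interface and addresses,
# so a cleartext packet on eth0 whose source address is spoofed into
# $MYEXTNETWORK is accepted just like a packet that came through the tunnel.
loose_ssh_rule() {
    run_iptables -A INPUT -i "$EXTIF" -s "$MYEXTNETWORK" -d "$INTIP" \
        -p tcp -m tcp --dport 22 -j ACCEPT
}

# Tightened rule: "-m policy --dir in --pol ipsec" matches only packets that
# were decapsulated from an IPsec SA (ESP here), which is what "-i ipsec0"
# expressed on the 2.4 KLIPS stack.
strict_ssh_rule() {
    run_iptables -A INPUT -i "$EXTIF" -s "$MYEXTNETWORK" -d "$INTIP" \
        -m policy --dir in --pol ipsec --proto esp \
        -p tcp -m tcp --dport 22 -j ACCEPT
}

# The outer IPsec traffic itself still has to be admitted on $EXTIF: ESP, IKE
# (UDP 500) and NAT-T (UDP 4500). The decapsulated inner packet then traverses
# INPUT a second time, where the policy-match rule above applies.
ipsec_transport_rules() {
    run_iptables -A INPUT -i "$EXTIF" -p esp -j ACCEPT
    run_iptables -A INPUT -i "$EXTIF" -p udp --dport 500 -j ACCEPT
    run_iptables -A INPUT -i "$EXTIF" -p udp --dport 4500 -j ACCEPT
}

# Anti-spoofing: drop anything claiming a source in $MYEXTNETWORK that did not
# arrive through an IPsec SA ("--pol none").
anti_spoof_rule() {
    run_iptables -A INPUT -i "$EXTIF" -s "$MYEXTNETWORK" \
        -m policy --dir in --pol none -j DROP
}

# Full ordered ruleset: transport first, then the spoof drop, then the
# policy-qualified SSH accept.
vpn_ruleset() {
    ipsec_transport_rules
    anti_spoof_rule
    strict_ssh_rule
}
```

With DRY_RUN=1, calling vpn_ruleset prints the rules for inspection; the loose_ssh_rule function is kept only to show the difference against the post's original rule and is not part of vpn_ruleset. The policy match needs xt_policy (CONFIG_NETFILTER_XT_MATCH_POLICY) in the kernel and a matching iptables build.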
