Can you verify that indeed the "ip addr" command shows no virtual interfaces?

Cheers,
MaZe

On Fri, 27 May 2005, Simone wrote:

> Hi, still trying to understand one thing. I would definitely like to tell
> iptables to accept all packets coming from remote vpn only if they hit the
> $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not working, looks like
> ipsec0 device doesn't exist or it is not recognized. I read on the Openswan
> users list that Linux kernel 2.6 native ipsec doesn't create ipsec* interfaces
> (if I am not wrong this is something backported on kernel 2.4 RHEL3), just
> adds a route to remote network through eth0, so if I want to ssh the vpn
> server on its internal ip from the other side of the vpn I need
>
> $IPTABLES -A INPUT -i *$EXTIF* -s $MYEXTNETWORK -d $INTIP -p tcp -m tcp --dport 22 -j ACCEPT
>
> and this is true for any other rule I would use ipsec0 in, I have to use
> $EXTIF.
>
> Even if I am going to set sshd to listen on a different port, I am a little
> worried this could harm my machine in any way.
>
> Comments are welcome
>
> Have a nice day
> Simone