Still VPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Can you verify that indeed the "ip addr" command shows no virtual 
interfaces?

Cheers,
MaZe

On Fri, 27 May 2005, Simone wrote:

> Hi, still trying to understand one thing. I would definitely like to tell 
> iptables to accept all packets coming from remote vpn only if they hit the 
> $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not working, looks like 
> ipsec0 device doesn't exist or it is not recognized. I red on the Openswan 
> users list, that Linux kernel 2.6 native ipsec don't create ipsec* interface 
> (if I am not wrong this  is something backported on kernel 2.4 RHEL3) just 
> add a route to remote network through eth0, so if I want to ssh the vpn 
> server on his internal ip from the other side of the vpn I need
>
> $IPTABLES -A INPUT -i *$EXTIF* -s $MYEXTNETWORK -d $INTIP -p tcp -m tcp 
> --dport 22 -j ACCEPT
>
> and this is true for any other rule I would use ipsec0 in, I have to use 
> $EXTIF.
>
> Even if I am going to set sshd to listen on a different port, I am a little 
> worried this could harm my machine in any way.
>
> Comments are welcome
>
> Have a nice day
> Simone
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux