Recently I connected two internal networks together over an IPsec tunnel:
(Localnet A)---(Gateway A)==IPSec==(Gateway B)---(Localnet B)
Now I am unsure which iptables rules I should apply to the external interfaces of the gateways to match the traffic between the Localnets without opening up a security hole. Is it sufficient to simply apply some general rules like:
$IPTABLES -A FORWARD -i $INET_IFACE -s 192.168.a.0/24 -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -s 192.168.b.0/24 -j ACCEPT
or would this approach be vulnerable to some kind of IP spoofing attack? What would be your solution in this situation?
Thanks for your help, Carsten.
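The following is an added example for the setup described above; it is not part of Carsten's post and not his rule set. It shows one way to make the FORWARD rules on Gateway A match only traffic that the kernel actually decapsulated from the IPsec SA, using the iptables `policy` match (xt_policy), instead of trusting a private source address seen on the external interface. The addresses (192.168.1.0/24, 192.168.2.0/24, 203.0.113.2) and interface names (eth0, eth1) are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example, not the poster's rules: FORWARD/INPUT rules for Gateway A that
# accept Localnet B traffic on the external interface only if the kernel
# decapsulated it from the IPsec SA with the expected peer (xt_policy match).
# All addresses and interface names below are assumptions for the example.
LOCALNET_A="192.168.1.0/24"     # assumed: network behind Gateway A
LOCALNET_B="192.168.2.0/24"     # assumed: network behind Gateway B
PEER_GW="203.0.113.2"           # assumed: Gateway B's public address
INET_IFACE="eth0"               # assumed: external interface of Gateway A
LAN_IFACE="eth1"                # assumed: interface towards Localnet A

# ipt: wrapper so the script can be dry-run without root. With DRY_RUN=1 (the
# default) it prints the iptables command; with DRY_RUN=0 it executes it.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

gateway_a_rules() {
    # Default deny for forwarded traffic; everything below is an explicit exception.
    ipt -P FORWARD DROP

    # Site B -> site A: accept only if the packet was decrypted from an IPsec
    # tunnel whose outer source is the peer gateway. A cleartext packet on
    # $INET_IFACE carrying a spoofed 192.168.2.x source does not match this rule.
    ipt -A FORWARD -i "$INET_IFACE" -s "$LOCALNET_B" -d "$LOCALNET_A" \
        -m policy --dir in --pol ipsec --proto esp --tunnel-src "$PEER_GW" -j ACCEPT

    # Site A -> site B: forward only if the kernel will encrypt it towards the peer,
    # so a missing or broken SA never leaks internal traffic onto the Internet in clear.
    ipt -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -s "$LOCALNET_A" -d "$LOCALNET_B" \
        -m policy --dir out --pol ipsec --proto esp --tunnel-dst "$PEER_GW" -j ACCEPT

    # Anything else with a Localnet B source on the external interface is a
    # spoofing attempt (or a broken tunnel): log it, then the DROP policy eats it.
    ipt -A FORWARD -i "$INET_IFACE" -s "$LOCALNET_B" -j LOG --log-prefix "IPSEC-SPOOF:"

    # The tunnel itself terminates on the gateway, so IKE (UDP 500, NAT-T 4500)
    # and ESP from the peer go through INPUT, not FORWARD.
    ipt -A INPUT -i "$INET_IFACE" -s "$PEER_GW" -p udp --dport 500 -j ACCEPT
    ipt -A INPUT -i "$INET_IFACE" -s "$PEER_GW" -p udp --dport 4500 -j ACCEPT
    ipt -A INPUT -i "$INET_IFACE" -s "$PEER_GW" -p esp -j ACCEPT
}

# Print the rule set (DRY_RUN=1); run as root with DRY_RUN=0 to apply it.
gateway_a_rules
```

Gateway B gets the mirror image with LOCALNET_A and LOCALNET_B swapped and PEER_GW set to Gateway A's public address. Because the FORWARD chain policy is DROP, any other forwarding the gateway does (for example NAT from Localnet A to the Internet) needs its own explicit rules; the ones above cover only the site-to-site traffic the post asks about.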