
[LUG] Openswan and iptables

Hi All,

I'm getting very confused with openswan and iptables. I've got my openswan connection established fine and I get encrypted packets going back and forth between the machines, but as soon as I bring iptables up on the server end it stops working. I'm guessing this is due to the lack of a distinct ipsec0 interface in openswan, unlike when it was still freeswan.

I'm allowing all the stuff I think I should be:
iptables -A INPUT -i eth1 -p 50 -j ACCEPT
iptables -A INPUT -i eth1 -p 51 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --destination-port 500 -j ACCEPT

And then rejecting anything else:
iptables -A INPUT -i eth1 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i eth1 -m state --state NEW,INVALID -j DROP

Presumably in the old days, once the packets came in on ipsec0 they weren't affected by the firewall, but I can't see how to account for that now.

Cheers,
Alex.

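An added example (not part of Alex's post, and not Openswan's own documentation) of the rule set implied by the question. With the native kernel IPsec stack (NETKEY, the one that has no ipsec0) a packet that has just been decrypted is re-injected into INPUT or FORWARD on the real interface, eth1 in the post, so the "-i eth1 ... NEW,INVALID DROP" catch-all sees the plaintext and drops it. The replacement for "came in on ipsec0" is the xfrm policy match, "-m policy --dir in --pol ipsec", which only matches packets the kernel has just taken out of an IPsec SA. The script below assumes eth1 as the external interface (from the post) and a constructed remote subnet 10.20.0.0/24; IPT=echo turns it into a dry run so the rules can be inspected without root.

```shell
#!/bin/sh
# Added example, not code from the original post: iptables rules for
# Openswan on the native kernel stack (NETKEY), where there is no ipsec0.
# Assumptions (constructed, adjust to taste): external interface eth1,
# remote tunnel subnet 10.20.0.0/24.

IPT="${IPT:-iptables}"              # IPT=echo prints the rules instead of loading them
EXT_IF="${EXT_IF:-eth1}"
REMOTE_NET="${REMOTE_NET:-10.20.0.0/24}"

ipsec_rules() {
    # 1. The tunnel itself on the wire: IKE (UDP 500), NAT-T (UDP 4500),
    #    ESP (protocol 50) and AH (protocol 51). This is what the post allows,
    #    plus 4500 which IKE falls back to when a NAT is detected.
    "$IPT" -A INPUT -i "$EXT_IF" -p udp --dport 500  -j ACCEPT
    "$IPT" -A INPUT -i "$EXT_IF" -p udp --dport 4500 -j ACCEPT
    "$IPT" -A INPUT -i "$EXT_IF" -p esp -j ACCEPT
    "$IPT" -A INPUT -i "$EXT_IF" -p ah  -j ACCEPT

    # 2. The decrypted inner packets. They arrive on eth1 again, with no
    #    ipsec0 to key on; the policy match accepts them only if the kernel
    #    just decapsulated them from an inbound ESP SA.
    "$IPT" -A INPUT   -i "$EXT_IF" -m policy --dir in --pol ipsec --proto esp \
        -s "$REMOTE_NET" -j ACCEPT
    "$IPT" -A FORWARD -i "$EXT_IF" -m policy --dir in --pol ipsec --proto esp \
        -s "$REMOTE_NET" -j ACCEPT

    # 3. Anti-spoofing: the remote subnet must never be accepted in the clear.
    #    Without this, anyone on the eth1 side could forge 10.20.0.0/24 sources.
    "$IPT" -A INPUT   -i "$EXT_IF" -m policy --dir in --pol none -s "$REMOTE_NET" -j DROP
    "$IPT" -A FORWARD -i "$EXT_IF" -m policy --dir in --pol none -s "$REMOTE_NET" -j DROP

    # 4. The post's catch-all, now safely after the tunnel traffic is handled.
    "$IPT" -A INPUT   -i "$EXT_IF" -m state --state NEW,INVALID -j DROP
    "$IPT" -A FORWARD -i "$EXT_IF" -m state --state NEW,INVALID -j DROP
}

# Usage: sh ipsec-fw.sh dry-run   (print the rules)
#        sh ipsec-fw.sh apply     (load them, as root)
case "${1:-}" in
    dry-run) IPT=echo; ipsec_rules ;;
    apply)   ipsec_rules ;;
esac
```

Order matters: the policy-match ACCEPT rules have to come before the NEW,INVALID DROP, because the first packet of a fresh connection inside the tunnel is state NEW just like any other. The "--pol none" DROP is the check that ipsec0 used to give for free, since a packet could only reach that interface by being decrypted; on NETKEY you have to say it explicitly.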
--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html