Re: VPN on Kernel 2.4.18
Dave Scott, 2002-Mar-06 02:03 -0800:
> Question on Kernel 2.4.18 and Netfilter
>
> Is there any way to forward GRE packets through Netfilter to a specific
> Server behind the firewall?
>
> Also, can you have multiple GRE connections through the firewall at any
> given time?
>
> -Dave
Dave,
You ought to be able to forward based on the protocol number
(47). I don't know about the multiple connections.
I'm guessing here:
# DNAT inbound GRE (IP protocol 47) to the tunnel server behind the firewall
iptables -t nat -A PREROUTING -i $INETIF -p 47 -j DNAT --to-destination 10.10.10.10
# DNAT only rewrites the address; the FORWARD chain still has to accept the packets
iptables -A FORWARD -i $INETIF -p 47 -d 10.10.10.10 -j ACCEPT
However, consider the security issues:
- you should consider terminating the tunnel at the firewall,
then letting the firewall handle the packets from there
- GRE has no data encryption, so consider encryption prior to GRE
encapsulation
- if not encrypted, anyone can read the data in the packet
- if the MTU and fragmentation settings are not set properly, DoS
attacks (whether intentional or inadvertent) are possible
--
Jeff Coppock Systems Engineer
Diggin' Debian Admin and User
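Added example, not code from Jeff's reply or from the original thread: a small sh script that emits the netfilter rules the reply sketches, plus the FORWARD rules that a DNAT alone does not give you and an MSS clamp for the MTU point. The interface name eth0, the address 10.10.10.10 and the IPTABLES=echo dry-run convention are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread above. Emits the netfilter rules
# for passing GRE (IP protocol 47) to one server behind the firewall.
# INETIF and GRE_SERVER are assumed values; override them in the environment.
# Set IPTABLES=echo to dry-run: the commands are printed instead of applied.

IPTABLES="${IPTABLES:-iptables}"
INETIF="${INETIF:-eth0}"                  # assumed external interface
GRE_SERVER="${GRE_SERVER:-10.10.10.10}"   # assumed internal GRE endpoint

gre_forward_rules() {
    # 1. Rewrite the destination of inbound GRE to the internal server.
    #    GRE carries no port numbers, so every GRE packet arriving on
    #    $INETIF lands on the same host: several tunnels to that one host
    #    work, but spreading tunnels over several internal hosts would need
    #    a GRE-aware connection-tracking helper, which this rule does not use.
    "$IPTABLES" -t nat -A PREROUTING -i "$INETIF" -p 47 \
        -j DNAT --to-destination "$GRE_SERVER"

    # 2. DNAT only rewrites the address; the FORWARD chain must still
    #    accept the packets, in both directions.
    "$IPTABLES" -A FORWARD -i "$INETIF" -p 47 -d "$GRE_SERVER" -j ACCEPT
    "$IPTABLES" -A FORWARD -o "$INETIF" -p 47 -s "$GRE_SERVER" -j ACCEPT

    # 3. The MTU/fragmentation point from the reply: GRE adds at least
    #    24 bytes (outer IP header + GRE header), so clamp the TCP MSS of
    #    forwarded SYNs to the path MTU instead of relying on fragmentation.
    "$IPTABLES" -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --clamp-mss-to-pmtu
}

# Print the rules instead of applying them (used to check the ruleset).
dry_run_rules() {
    ( IPTABLES=echo; gre_forward_rules )
}

# Number of emitted rules that match on GRE (protocol 47) in the dry run.
count_gre_rules() {
    dry_run_rules | grep -c -- '-p 47'
}

# Apply the rules only when invoked as: sh gre-forward.sh apply
case "${1:-}" in
    apply) gre_forward_rules ;;
esac
```

Run `IPTABLES=echo sh gre-forward.sh apply` to see the exact commands before letting them touch the live tables; the DNAT rule alone answers the first question in the thread, the two FORWARD rules are what most people forget, and the TCPMSS rule is the cheap fix for the MTU problem the reply warns about.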