
Re: FreeSwan, iptables, firewalls, MASQ, etc. - confused



On Fri, 05 Jul 2002 11:20:44 -0700
Curtis Vaughan <curtis@npc-usa.com> wrote:

> I have tons of literature concerning the Subject of this letter, as well
> as some responses from people on this list, and I have come to the 
> conclusion that I am totally confused.
> 
(snip)
> conn NPC-USA
> 	# Left security gateway, subnet behind it, next hop toward right.
> 	left=10.0.1.10

The above should be the external IP of this side.  In this case:
64.7.20.137

> 	leftsubnet=10.0.1.0/24
> 	leftnexthop=64.7.20.137

The above should be the IP of the first system a packet from 64.7.20.137
would have to pass through to reach the other side of the tunnel.

> 	# Right security gateway, subnet behind it, next hop toward left.
> 	right=10.0.0.1
> 	rightsubnet=10.0.0.0/24
> 	rightnexthop=202.107.20.30

The same changes should be made to the above settings.

> According to the primary source I'm working off, I need to enable IPv4 
> forwarding. So, I added the following line to the file /etc/sysctl.conf:
> 
> # the sysctl key is ip_forward (there is no ip_forwarding key)
> net.ipv4.ip_forward = 1
> 
> The next step according to my source is to edit, what it calls a script 
> file, titled iptables.  Now I wrote about this recently, but have to 
> admit that I don't know what people are talking about.  Sorry.
 
This is only necessary if you want the freeswan package to make changes to
your firewall when the connection is brought up or down.

> Now there are more steps after this, but I'm not certain about creating 
> this iptables file, where exactly I should put and apparently people 
> have told me I have to link it to runlevels.  

The iptables file is simply a script to define a set of rules to allow and
deny specified packets.  There are several scripts and tools that will
help with the process.  The script I use is available at:
http://asgardsrealm.net/linux/firewall/

HTH

-- 
Jamin W. Collins
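As an added illustration (not part of the reply above or of the FreeS/WAN project), here is a small Python checker that applies the two rules the reply gives to a conn block: left/right must be the gateway's external address rather than an address inside the subnet it protects, and leftnexthop/rightnexthop must be the first router beyond that gateway, never the gateway's own address. The original conn block from the post is embedded as constructed input, together with a corrected version; 64.7.20.137 is the left external address named in the reply, while the right side's external address and both next-hop routers are not on the page, so RFC 5737 documentation addresses stand in as labelled placeholders.

```python
import ipaddress

# Constructed ipsec.conf fragment: the conn block from the original post.
# The reply says left/right hold the gateways' private addresses and that
# leftnexthop holds the left gateway's own public address.
ORIGINAL_CONN = """\
conn NPC-USA
    # Left security gateway, subnet behind it, next hop toward right.
    left=10.0.1.10
    leftsubnet=10.0.1.0/24
    leftnexthop=64.7.20.137
    # Right security gateway, subnet behind it, next hop toward left.
    right=10.0.0.1
    rightsubnet=10.0.0.0/24
    rightnexthop=202.107.20.30
"""

# Constructed corrected block. Only 64.7.20.137 comes from the reply; the
# other public addresses are placeholders (RFC 5737 documentation ranges).
CORRECTED_CONN = """\
conn NPC-USA
    left=64.7.20.137
    leftsubnet=10.0.1.0/24
    # placeholder: first router beyond the left gateway
    leftnexthop=192.0.2.1
    # placeholder: the right side's external address
    right=198.51.100.10
    rightsubnet=10.0.0.0/24
    # placeholder: first router beyond the right gateway
    rightnexthop=198.51.100.1
"""

# External address we know for each side (None where the page does not say).
KNOWN_EXTERNAL = {"left": "64.7.20.137", "right": None}


def parse_conn(text):
    """Parse one 'conn' block into (name, {key: value}); '#' starts a comment."""
    name, params = None, {}
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if not stripped:
            continue
        if stripped.startswith("conn "):
            name = stripped.split(None, 1)[1]
            continue
        key, sep, value = stripped.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    return name, params


def check_side(side, params, external=None):
    """Return the problems found on one side ('left' or 'right')."""
    problems = []
    try:
        gw = ipaddress.ip_address(params[side])
        subnet = ipaddress.ip_network(params[side + "subnet"])
        nexthop = ipaddress.ip_address(params[side + "nexthop"])
    except (KeyError, ValueError) as exc:
        return [f"{side}: missing or unparsable parameter ({exc})"]

    # Rule 1: left/right is the gateway's external address, so it must not be
    # an address inside the subnet it protects, and must match the known one.
    if gw in subnet:
        problems.append(f"{side}={gw} lies inside {side}subnet={subnet}; use the external address")
    if external is not None and gw != ipaddress.ip_address(external):
        problems.append(f"{side}={gw} is not the external address {external}")

    # Rule 2: nexthop is the first router a packet from the external address
    # passes through, so it is never the gateway itself or a host behind it.
    if nexthop == gw or (external is not None and nexthop == ipaddress.ip_address(external)):
        problems.append(f"{side}nexthop={nexthop} is the gateway's own address, not the next router")
    if nexthop in subnet:
        problems.append(f"{side}nexthop={nexthop} lies inside {side}subnet={subnet}")
    return problems


def check_conn(text, known_external=KNOWN_EXTERNAL):
    """Run both sides' checks over a conn block and return every problem found."""
    _, params = parse_conn(text)
    problems = []
    for side in ("left", "right"):
        problems.extend(check_side(side, params, known_external.get(side)))
    return problems


if __name__ == "__main__":
    for label, conn in (("original", ORIGINAL_CONN), ("corrected", CORRECTED_CONN)):
        print(f"{label}:")
        for problem in check_conn(conn) or ["no problems found"]:
            print("  " + problem)
```

Run against the original block it reports four problems (both gateways sit inside their own subnets, left is not the known external address, and leftnexthop is that external address rather than the router beyond it); against the corrected block it reports none. The right side's external address is unknown here, so the checker can only apply the subnet-based rules to it.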




