Re: help needed in using vpnc in Debian Sarge

["H. S." <greatexcalibur@yahoo.com>]

Apparently, _Adam Aube_, on 01/28/2005 03:25 PM,typed:
> H. S. wrote:
>
>
> > Problem seems to be solved. In my iptables script, I am using rules
> > based on IP address of eth0. Now with vpn, my active device is tun0 and
> > the firewall script doesn't know anything about that yet.
> >
> > Need to figure out how to do that dynamically. Maybe I can restart the
> > iptables script after tun0 is up and do ifconfig in the script to get
> > tun0's ipaddress as well and add it to the one of eth0, so that traffic
> > through tun0 has similar rules as that through eth0. Suggestions?
>
>
> Just allow traffic in/out of your tun0 interface (the -i and -o options,
> respectively). iptables won't care if the interface isn't up yet when you
> specify the rules.
>
> Adam


Actually, I made my iptables script based on Zielger's (spelling?) book. 
The rules there have -s and -d in addition to -i and -o, so the 
interface's IP address needs to be known. Now I am thinking that though 
this may be important if I am doing masquarading, but for 
non-masquarading machine just -i and -o are enough perhaps?

->HS

--
(Remove all underscores,if any, from my email address to get the correct 
one. Apologies for the inconvenience but this is to reduce spam.)