Re: help needed in using vpnc in Debian Sarge

H. S. wrote:
> Apparently, _Adam Aube_, on 01/28/2005 03:25 PM, typed:
>> H. S. wrote:

>>>Problem seems to be solved. In my iptables script, I am using rules
>>>based on IP address of eth0. Now with vpn, my active device is tun0 and
>>>the firewall script doesn't know anything about that yet.

>>>Need to figure out how to do that dynamically. Maybe I can restart the
>>>iptables script after tun0 is up and do ifconfig in the script to get
>>>tun0's ipaddress as well and add it to the one of eth0, so that traffic
>>>through tun0 has similar rules as that through eth0. Suggestions?

>> Just allow traffic in/out of your tun0 interface (the -i and -o options,
>> respectively). iptables won't care if the interface isn't up yet when you
>> specify the rules.

> Actually, I made my iptables script based on Zielger's (spelling?) book.
> The rules there have -s and -d in addition to -i and -o, so the
> interface's IP address needs to be known. Now I am thinking that though
> this may be important if I am doing masquerading, but for
> non-masquerading machine just -i and -o are enough perhaps?

If you aren't using masquerading, then -i and -o alone are sufficient.
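
An added example, not part of the original thread: the two rule styles discussed above, side by side, for a non-masquerading host. The function names and the 192.0.2.10 address are constructed for illustration; the script only prints the iptables commands so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands instead of
# running them; pipe the output to sh as root to apply.

# Address-bound style (-i/-o plus -d/-s): needs the interface's IP address
# when the script runs. Fails if the address is not known yet, for example
# tun0 before vpnc has connected.
addr_rules() {
    iface=$1
    addr=$2
    if [ -z "$addr" ]; then
        echo "no address for $iface yet; cannot build -s/-d rules" >&2
        return 1
    fi
    echo "iptables -A INPUT -i $iface -d $addr -j ACCEPT"
    echo "iptables -A OUTPUT -o $iface -s $addr -j ACCEPT"
}

# Interface-only style (-i/-o): no address lookup, so the rules can be
# loaded at boot, before tun0 exists.
iface_rules() {
    iface=$1
    echo "iptables -A INPUT -i $iface -j ACCEPT"
    echo "iptables -A OUTPUT -o $iface -j ACCEPT"
}

# Build the rule set for eth0 and tun0. eth0's address must be known;
# tun0 falls back to interface-only matching when it has no address yet.
build_ruleset() {
    eth0_addr=$1
    tun0_addr=$2
    addr_rules eth0 "$eth0_addr" || return 1
    addr_rules tun0 "$tun0_addr" 2>/dev/null || iface_rules tun0
}

# Constructed sample input: eth0 is configured, tun0 is not up yet.
build_ruleset 192.0.2.10 ""
```

With the interface-only rules loaded once, the firewall script does not need to be restarted each time the VPN comes up.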


