All you really need for this in reality is
/sbin/iptables -A INPUT -p 93 -j ACCEPT
If the firewall exists on a different box from the VPN box, change that to
the FORWARD chain. Once it's working you may tighten down access to a
particular box or boxen, but put that in for starters.
P.S. You mentioned earlier that you had ipchains background. You do
realize that one of the key differences between them is the purpose of the
chains?
Basically:
ipchains: for each packet, it traversed the input chain regardless of
anything.
iptables: INPUT is only traversed for packets destined for the firewall
itself, OUTPUT is only traversed for packets originating from the firewall,
and all your forwarding rules must use the FORWARD chain. This took some
getting used to since I did most of my rules in the input chain for
ipchains.
From: richard <richard.bown@blueyonder.co.uk>
Sent by: expert-owner@linux-mandrake.com
Date: 01/05/2002 01:36 PM
To: [EMAIL PROTECTED]
cc:
Subject: [expert] IPTABLES AND TUNNELS
Please respond to: expert
HI ALL.
RE: IPTABLES AND TUNNELING
ANY CHANCE, REMOTE, SMALL ETC
/sbin/bastille-netfilter
What do I need to add to the script to allow Protocol 93 (IPIP)
to pass unheeded in both directions thru the public interface, i.e. the
ethernet port connected to the cable modem? I can get some thru but not
all. Hitting problems with netmask.
PLEASE HELP, the bastille mailing list on sourceforge is a Red Hat group,
seems like Mandrake is a dirty word
BG Richard
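
The chain choice described in the reply, as an added example that is not part of the original thread: a small sh function that prints the rules for either placement of the tunnel endpoint, in both directions, already narrowed to one peer. The interface eth0 and the addresses 192.0.2.10 and 10.0.0.2 are assumed sample values, and the function name tunnel_rules is hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): print the iptables rules needed to pass
# a tunnel protocol, choosing chains by where the tunnel endpoint lives.
# Assumed sample values: interface eth0, peer 192.0.2.10, endpoint 10.0.0.2.
# The protocol number defaults to 93, the value used in the thread; check it
# against /etc/protocols for the tunnel type you actually run.

# tunnel_rules MODE PEER [IFACE] [PROTO] [ENDPOINT]
#   MODE=local    tunnel terminates on the firewall itself -> INPUT + OUTPUT
#   MODE=forward  tunnel terminates on a box behind it     -> FORWARD, both ways
tunnel_rules() {
    mode=$1 peer=$2 iface=${3:-eth0} proto=${4:-93} endpoint=$5
    if [ -z "$peer" ]; then
        echo "usage: tunnel_rules local|forward PEER [IFACE] [PROTO] [ENDPOINT]" >&2
        return 2
    fi
    case $mode in
    local)
        # INPUT can only match the inbound interface (-i), OUTPUT only -o.
        echo "/sbin/iptables -A INPUT -i $iface -p $proto -s $peer -j ACCEPT"
        echo "/sbin/iptables -A OUTPUT -o $iface -p $proto -d $peer -j ACCEPT"
        ;;
    forward)
        if [ -z "$endpoint" ]; then
            echo "forward mode needs the internal ENDPOINT address" >&2
            return 2
        fi
        # Forwarded packets never traverse INPUT or OUTPUT under iptables,
        # so each direction needs its own FORWARD rule.
        echo "/sbin/iptables -A FORWARD -i $iface -p $proto -s $peer -d $endpoint -j ACCEPT"
        echo "/sbin/iptables -A FORWARD -o $iface -p $proto -s $endpoint -d $peer -j ACCEPT"
        ;;
    *)
        echo "unknown mode: $mode" >&2
        return 2
        ;;
    esac
}

# Print both rule sets for review; nothing is applied to the running firewall.
tunnel_rules local 192.0.2.10
tunnel_rules forward 192.0.2.10 eth0 93 10.0.0.2
```

The script only prints the commands, so the output can be read before any of it is run as root.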
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com