I guess iptables -I INPUT 36 -i ipsec0 -s 193.100.10.0/28 -j ACCEPT did the job.
--
Einar Bordewich
einar (at) bordewich.NET

----- Original Message -----
From: "Einar Bordewich" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 26, 2002 8:40 PM
Subject: Services through freeswan/ipsec at gateway

> I'm in my first week with iptables, so I'm still on thin ice regarding
> iptables and rules.
>
> I've successfully put up a gateway server with 3 NICs (1 internet, 2 internal,
> 0 dmz), a functioning freeswan/ipsec solution and dhcpd/djbdns/vpopmail/sshd
> on this server.
>
> From internet, I can access the server's services ssh/dns/pop/imap/smtp, and
> the same from internal LAN.
>
> Through ipsec, I can reach the services on the internal LANs, but I can't
> ssh directly to either of the internal LAN interfaces, or as in this case
> reach the dnscache through ipsec.
>
> eth0 - external
> eth1 - internal1 - MASQ eth0
> eth2 - internal2 - MASQ eth0
> ipsec0 - eth0
>
> Feb 27 20:05:20 mail kernel: SuSE-FW-UNALLOWED-TARGET IN=ipsec0 OUT=
> MAC=00:d0:b7:88:68:fa:00:d0:b7:1e:00:5d:08:00 SRC=193.100.10.5 DST=10.0.0.1
> LEN=73 TOS=0x10 PREC=0x00 TTL=127 ID=32247 PROTO=UDP SPT=3406 DPT=53 LEN=53
>
> Could anyone please help me with an iptables option to allow everything on
> the server from a specific IP address/range on the ipsec0 interface?
>
> regards
> --
> Einar Bordewich
> einar (at) bordewich.NET
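
The rule in the reply matches on two things only: the inbound interface (`-i ipsec0`) and the source range (`-s 193.100.10.0/28`). As an added illustration that is not part of the original thread, this Python sketch parses the logged packet from the quoted message and checks it against those two criteria; the function names are hypothetical and the second and third sample lines are constructed.

```python
import ipaddress
import re

# Match criteria taken from the iptables rule in the reply.
RULE_IFACE = "ipsec0"
RULE_SRC = "193.100.10.0/28"

# Log line from the quoted message, joined onto one line.
LOGGED = ("Feb 27 20:05:20 mail kernel: SuSE-FW-UNALLOWED-TARGET IN=ipsec0 OUT= "
          "MAC=00:d0:b7:88:68:fa:00:d0:b7:1e:00:5d:08:00 SRC=193.100.10.5 "
          "DST=10.0.0.1 LEN=73 TOS=0x10 PREC=0x00 TTL=127 ID=32247 PROTO=UDP "
          "SPT=3406 DPT=53 LEN=53")
# Constructed variants: a source just outside the /28, and the same
# source address arriving on the external interface instead of the tunnel.
OUTSIDE_RANGE = LOGGED.replace("SRC=193.100.10.5", "SRC=193.100.10.16")
WRONG_IFACE = LOGGED.replace("IN=ipsec0", "IN=eth0")


def parse_netfilter_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict.

    The first occurrence of a key wins, so the IP-level LEN is kept
    rather than the UDP LEN that follows later in the line.
    """
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)
    return fields


def rule_matches(fields, in_iface=RULE_IFACE, source_net=RULE_SRC):
    """Mimic the match part of `-i <in_iface> -s <source_net>`."""
    if fields.get("IN") != in_iface:
        return False
    try:
        src = ipaddress.ip_address(fields.get("SRC", ""))
    except ValueError:
        return False  # missing or malformed SRC never matches
    return src in ipaddress.ip_network(source_net)


if __name__ == "__main__":
    for name, line in [("logged", LOGGED), ("outside /28", OUTSIDE_RANGE),
                       ("same source on eth0", WRONG_IFACE)]:
        f = parse_netfilter_log(line)
        print(f"{name:20} IN={f['IN']:7} SRC={f['SRC']:15} "
              f"accepted={rule_matches(f)}")
```

The third case shows why the `-i ipsec0` match matters: a packet claiming the same source address but arriving on eth0 is not covered by the ACCEPT rule.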
