Hi

I have an IPsec tunnel deployed/configured as below:

PC1----(lan)[GW1](wan)=====IPSEC====(wan)[GW2](lan)---PC2

PC1-ipaddr: 192.168.22.x
PC2-ipaddr: 192.168.25.x

GW1-lan-ipaddr: 192.168.22.1
GW2-lan-ipaddr: 192.168.25.1


I see that to allow access to 192.168.22.1 from PC2 (via the IPsec tunnel)
I should use the options "lefthostaccess=yes" (and also leftfirewall=yes)
on GW1.

And when we use these options, we have the following iptables rules added on
GW1 (through the updown script, automatically, whenever the tunnel is up):

---------------------------------------------------------------------------------------------------
root@lssimgw1:/usr/local/etc# iptables -nvL
Chain INPUT (policy ACCEPT 52 packets, 4680 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth0   *       192.168.22.0/24      192.168.25.0/24      policy match dir in pol ipsec reqid 1 proto 50

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth0   *       192.168.22.0/24      192.168.25.0/24      policy match dir in pol ipsec reqid 1 proto 50
    0     0 ACCEPT     all  --  *      eth0    192.168.25.0/24      192.168.22.0/24      policy match dir out pol ipsec reqid 1 proto 50

Chain OUTPUT (policy ACCEPT 40 packets, 3976 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      eth0    192.168.25.0/24      192.168.22.0/24      policy match dir out pol ipsec reqid 1 proto 50
root@lssimgw1:/usr/local/etc#
---------------------------------------------------------------------------------------------------

- So once we have the above firewall rules in place in the INPUT/OUTPUT
chains, we can access the GW1-lan-ip from PC2 via the IPsec tunnel
successfully.
- A similar observation is also made when using the lefthostaccess option
on GW2.



Now if I use "righthostaccess=yes", I don't see any rules getting added in
the INPUT/OUTPUT chains, on either GW1 or GW2.

- So my query is: what is the use of the option "righthostaccess=yes"? Where
and when do we use this option?


thanks & regards
Rajiv
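
Added example, not part of the original post: a Python check that parses `iptables -nvL` output and reports whether the INPUT/OUTPUT pair of IPsec policy rules described above is installed. The function names are illustrative; the first sample reuses the post's rule rows (wrapped between source and destination the way mail clients wrap long lines, column header rows omitted), and the second listing is constructed.

```python
import re

# One rule carrying an IPsec policy match. \s+ also matches a newline, so a row
# wrapped between the source and destination columns still parses.
RULE = re.compile(
    r"(?<!\S)(?P<iface_in>\S+)\s+(?P<iface_out>\S+)\s+"
    r"(?P<src>[\d.]+(?:/\d+)?)\s+(?P<dst>[\d.]+(?:/\d+)?)\s+"
    r"policy match dir (?P<dir>in|out) pol ipsec(?:\s+reqid (?P<reqid>\d+))?")

def ipsec_rules_by_chain(listing):
    """Map chain name -> IPsec policy-match rules found in `iptables -nvL` text."""
    parts = re.split(r"^Chain (\S+) .*$", listing, flags=re.M)
    return {name: [m.groupdict() for m in RULE.finditer(body)]
            for name, body in zip(parts[1::2], parts[2::2])}

def host_access_rules_present(chains):
    """True when INPUT has an inbound and OUTPUT an outbound IPsec policy rule."""
    return (any(r["dir"] == "in" for r in chains.get("INPUT", []))
            and any(r["dir"] == "out" for r in chains.get("OUTPUT", [])))

# Rule rows from the post (header rows omitted, rows wrapped as in a mail body).
WITH_HOSTACCESS = """\
Chain INPUT (policy ACCEPT 52 packets, 4680 bytes)
    0     0 ACCEPT     all  --  eth0   *       192.168.22.0/24
192.168.25.0/24      policy match dir in pol ipsec reqid 1 proto 50
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    0     0 ACCEPT     all  --  eth0   *       192.168.22.0/24
192.168.25.0/24      policy match dir in pol ipsec reqid 1 proto 50
    0     0 ACCEPT     all  --  *      eth0    192.168.25.0/24
192.168.22.0/24      policy match dir out pol ipsec reqid 1 proto 50
Chain OUTPUT (policy ACCEPT 40 packets, 3976 bytes)
    0     0 ACCEPT     all  --  *      eth0    192.168.25.0/24
192.168.22.0/24      policy match dir out pol ipsec reqid 1 proto 50
"""

# Constructed listing: only the FORWARD chain carries an IPsec policy rule.
FORWARD_ONLY = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    0     0 ACCEPT     all  --  eth0   *       192.168.22.0/24      192.168.25.0/24      policy match dir in pol ipsec reqid 1 proto 50
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
"""

if __name__ == "__main__":
    for label, text in (("with", WITH_HOSTACCESS), ("forward-only", FORWARD_ONLY)):
        chains = ipsec_rules_by_chain(text)
        counts = {name: len(rules) for name, rules in chains.items()}
        print(label, counts, "host access rules:", host_access_rules_present(chains))
```

On a gateway, the same functions can be fed the captured text of `iptables -nvL` taken while the tunnel is up.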
