[plug] Iptables Help - UDP
Cameron Patrick
cameron at patrick.wattle.id.au
Fri Feb 4 14:38:23 WST 2005
Russell Steicke wrote:
> Without reading through all your iptables rules, I guess that you'd
> need (at least) a rule like this:
>
> iptables -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT

FORWARD, not INPUT, yeah? Unless you're running the VPN client on the
gateway machine (which is what I prefer to do) so that all machines on
the internal network can see the VPN without extra hassle. This does
make the iptables rules and routing tables more "fun". However, I did
learn a lot about TCP/IP in the process :)

I'd be extra super paranoid and specify source and destination
addresses too (which would mean you'd need two rules, one to allow
packets from Alcoa and one to allow packets to Alcoa).

Cameron
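
Added example, not part of the original message: a sketch of the address-pinned FORWARD rule pair discussed above, one rule per direction. It assumes eth0 is the external interface (as in the quoted rule) and uses constructed placeholder addresses (192.168.1.10 for the internal VPN client, 203.0.113.5 for the remote peer); the function names are hypothetical, and the script only prints the rules rather than applying them.

```shell
#!/bin/sh
# Print the FORWARD rule pair for IKE (UDP 500) between one internal VPN
# client and one remote peer, pinned to source and destination addresses.
# Assumptions (not from the original post): eth0 is the external interface;
# all addresses below are constructed placeholders.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ike_forward_rules CLIENT PEER [EXT_IF]: print one rule per direction.
# Rejecting anything that is not a literal IPv4 address keeps a typo from
# silently becoming a rule that matches more hosts than intended.
ike_forward_rules() {
    client=$1 peer=$2 ext_if=${3:-eth0}
    is_ipv4 "$client" || { echo "bad client address: $client" >&2; return 1; }
    is_ipv4 "$peer"   || { echo "bad peer address: $peer" >&2; return 1; }
    # Outbound: internal client to the peer, leaving via the external interface.
    echo "iptables -A FORWARD -o $ext_if -p udp -s $client -d $peer --dport 500 -j ACCEPT"
    # Inbound: peer back to the client, arriving on the external interface.
    echo "iptables -A FORWARD -i $ext_if -p udp -s $peer -d $client --sport 500 -j ACCEPT"
}

# Constructed sample addresses; review the output before running it as root.
ike_forward_rules 192.168.1.10 203.0.113.5
```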