[plug] Iptables Help - UDP

Timothy White weirdo at tigris.org
Fri Feb 4 16:02:05 WST 2005


Cameron Patrick wrote:

>Russell Steicke wrote:
>
>>Without reading through all your iptables rules, I guess that you'd
>>need (at least) a rule like this:
>>
>>  iptables -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
>
>FORWARD, not INPUT, yeah?  Unless you're running the VPN client on the
>gateway machine (which is what I prefer to do) so that all machines on
>the internal network can see the VPN without extra hassle.  This does
>make the iptables rules and routing tables more "fun".  However, I did
>learn a lot about TCP/IP in the process :)
>
>I'd be extra super paranoid and specify source and destination
>addresses too (which would mean you'd need two rules, one to allow
>packets from Alcoa and one to allow packets to Alcoa).
The VPN client is on a Standard Alcoa, Windows XP laptop :(
The only machine that needs the VPN is the laptop.

As I'm fairly new to iptables I'm guessing that I need an INPUT rule on
both ppp0 and eth0 on the appropriate ports and protocols (and address.)
Then a FORWARD rule from ppp0 to eth0 (then laptop ip) for incoming and
another FORWARD the other way round with the VPN ip?

Would this be correct? (Anyone want to try and write the rules (dummy
IPs are fine) so I can see what is happening?)

Tim

--
Tim White - Use the Fox, Luke!
PGP/GPG id: 602E944D, Pub Key Serv: subkeys.pgp.net
Fingerprint: 04C2 9682 B7B2 3006 009D  A9F3 067E EDCD 602E 944D
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
--
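
The rule layout asked about above, as an added example that is not part of the original post: traffic the gateway routes between the laptop and the VPN endpoint traverses the FORWARD chain (INPUT only sees packets addressed to the gateway itself), so the script prints one FORWARD rule per direction, pinned to source and destination as Cameron suggests. The addresses are constructed placeholders, UDP 500 is the only port taken from the thread, and the gateway is assumed to already NAT LAN traffic out of ppp0.

```shell
#!/bin/sh
# Added example: print (or, with APPLY=1, run) FORWARD rules for a VPN client
# on a LAN laptop behind the gateway. Assumes NAT on ppp0 is already set up.
LAN_IF=eth0              # interface facing the laptop (named in the thread)
WAN_IF=ppp0              # interface facing the Internet (named in the thread)
LAPTOP_IP=192.168.1.50   # constructed placeholder: laptop's LAN address
VPN_IP=203.0.113.10      # constructed placeholder: remote VPN endpoint
PORTS="500"              # UDP 500 is from the thread; append others if the client needs them

# Accept only dotted-quad IPv4 with each octet 0-255, so a typo fails loudly.
valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Emit one rule per direction per port. Both rules name the interfaces and
# both addresses, so nothing else on the LAN or the Internet matches them.
vpn_forward_rules() {
    valid_ip "$LAPTOP_IP" && valid_ip "$VPN_IP" || { echo "bad address" >&2; return 1; }
    for port in $PORTS; do
        # laptop -> VPN endpoint
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p udp -s $LAPTOP_IP -d $VPN_IP --dport $port -j ACCEPT"
        # VPN endpoint -> laptop (replies; NAT has already restored the laptop's address)
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p udp -s $VPN_IP -d $LAPTOP_IP --sport $port -j ACCEPT"
    done
}

# Dry run by default; set APPLY=1 (as root) to execute the printed commands.
if [ "${APPLY:-0}" = 1 ]; then
    rules=$(vpn_forward_rules) && echo "$rules" | sh -e
else
    vpn_forward_rules
fi
```

Run it without APPLY first and read the two printed rules before applying them.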
