LinuxQuestions.org
Linux - Networking: iptables and VPN connections (http://www.linuxquestions.org/questions/linux-networking-3/iptables-and-vpn-connections-308162/)

lucifercipher 03-31-2005 06:25 AM

iptables and VPN connections
 
Hi,

Does someone have to set iptables to accept VPN connections or they are handled by kernel routing automatically?

Nathanael 04-02-2005 03:19 AM

VPNs are run over layer 3; in that case they will most likely need to pass through iptables!
(That's what I think!)

fr_laz 04-05-2005 09:43 AM

Hi,

yes you definitely have to.

There's a trick, since when you, as an example, tunnel HTTP port 80, your Linux box will first see an ESP packet; then your VPN software will decrypt the traffic, and the Linux box will see an incoming HTTP packet. The best way to see what's happening is to play a bit with Ethereal.

Thus, so as to allow incoming HTTP through the VPN, you need both:
Code:

# first pass: the encrypted ESP packet arriving on the wire
iptables -A INPUT -i eth0 -p esp -j ACCEPT
# second pass: the decrypted HTTP packet (option is --dport, with two dashes)
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT

But the second line is quite uncool!! So here's the trick:
Code:

iptables -A INPUT -i eth0 -p esp -j ACCEPT
iptables -t mangle -I INPUT -p esp -j MARK --set-mark 1
iptables -I FORWARD -m mark --mark 1 -j ACCEPT


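The two-pass behaviour fr_laz describes (encrypted ESP packet first, then the decrypted packet re-entering the INPUT chain) is the thing to design the rules around. The script below is an added example and is not code from the thread or from any VPN project: it bundles the complete rule set a practitioner would usually want on an IPsec gateway, including the IKE ports the thread does not mention (UDP 500 for ISAKMP, UDP 4500 for NAT-Traversal, which also carries ESP when a NAT sits in the path), and it replaces the mangle/MARK trick with the iptables `policy` match, which matches the decrypted packet only if it arrived inside an IPsec SA. The `policy` match assumes a kernel and iptables with the xt_policy module (2.6-era and later); `IPT`, `IFACE`, `ipsec_rules` and `ipsec_rule_count` are names chosen here for the example.

```shell
#!/bin/sh
# Added example (not from the thread): iptables rules for an IPsec gateway
# that should accept HTTP only when it arrives through the tunnel on $IFACE.
# Set IPT=echo to dry-run (prints the rules instead of loading them).
IPT="${IPT:-iptables}"
IFACE="${IFACE:-eth0}"

ipsec_rules() {
    # 1. Let IKE negotiate the SAs: ISAKMP on UDP/500, NAT-T on UDP/4500.
    #    With NAT-T, ESP itself is also UDP-encapsulated on 4500, so a bare
    #    "-p esp" rule would not be enough behind a NAT.
    "$IPT" -A INPUT -i "$IFACE" -p udp --dport 500 -j ACCEPT
    "$IPT" -A INPUT -i "$IFACE" -p udp --dport 4500 -j ACCEPT
    # 2. Let the encrypted ESP packets in (the first packet the box sees).
    "$IPT" -A INPUT -i "$IFACE" -p esp -j ACCEPT
    # 3. After decryption the kernel re-injects the plaintext packet and it
    #    traverses INPUT again. The policy match accepts HTTP only when that
    #    packet came out of an ESP SA, so cleartext port 80 from the Internet
    #    is still dropped by whatever policy follows.
    "$IPT" -A INPUT -i "$IFACE" -m policy --dir in --pol ipsec --proto esp \
           -p tcp --dport 80 -j ACCEPT
}

# Number of rules the set would load; handy for a dry run or a sanity check.
ipsec_rule_count() {
    (IPT=echo; ipsec_rules) | wc -l | tr -d ' '
}

case "${1:-}" in
    apply)   ipsec_rules ;;
    dry-run) (IPT=echo; ipsec_rules) ;;
esac
```

Run `sh rules.sh dry-run` to see the exact commands, then `sh rules.sh apply` as root. Verify the second pass with `iptables -L INPUT -v` while fetching a page over the tunnel: the `policy` rule's packet counter should increase together with the ESP rule's, and a cleartext `curl http://gateway/` from outside should not hit it.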
