
[ale] Iptables with vpn



Chris Fowler wrote:
> I've got my VPN working well and I want to test something unique.

It doesn't sound too unique.  :)

> What I'm trying to accomplish is the ability to lock down a client to
> use a specific gateway(s).  If that client decides to manually
> add a route because they know where other stuff is located,  I do
> not want the Linux kernel to route those packets to other gateways.

I have a feeling you are making it more complicated than it has to be.
You probably don't want to be writing the firewall rules to allow
traversal of specific gateways.  You probably want to allow traversal to
specific subnets.

If I understand correctly you want to make a single rule that says
something like "allow access to all subnets behind route x."  You'll
have a much easier time if you just whitelist the subnets and not worry
about the routes.

> Confusing?

You tell me :).  If I'm correct about what you're trying to do, then I
don't think it was confusing.

Pat
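The subnet whitelist Pat describes, written out as an added example that is not part of the original thread. It assumes the VPN server forwards client traffic out of a tunnel interface named tun0, that the locked-down client has the VPN address 10.8.0.6, and that 192.168.10.0/24 and 192.168.20.0/24 are the only subnets it may reach; all three are placeholders. The rules key on destination subnet in the FORWARD chain, so it does not matter which gateway or route the client configured on its side: anything not in the list is dropped.

```shell
#!/bin/sh
# Added example: restrict a VPN client to a whitelist of destination subnets
# with iptables FORWARD rules on the VPN server. Not from the original thread.
# VPN_IF, the client address and the subnets are assumed placeholders.

VPN_IF=tun0   # assumed: tunnel interface the client's packets arrive on

# Print the iptables commands for one client; run them with APPLY=1.
# $1 is the client's VPN address, the remaining args are allowed subnets.
vpn_client_rules() {
    client="$1"
    shift
    # Return traffic for connections the client opened is allowed back in.
    echo "iptables -A FORWARD -o $VPN_IF -d $client -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT per whitelisted destination subnet.
    for net in "$@"; do
        echo "iptables -A FORWARD -i $VPN_IF -s $client -d $net -j ACCEPT"
    done
    # Everything else the client sends through the tunnel is dropped,
    # whatever routes it added locally.
    echo "iptables -A FORWARD -i $VPN_IF -s $client -j DROP"
}

# Dry run prints the rules; APPLY=1 feeds them to the shell (needs root).
if [ "${APPLY:-0}" = 1 ]; then
    vpn_client_rules 10.8.0.6 192.168.10.0/24 192.168.20.0/24 | sh
else
    vpn_client_rules 10.8.0.6 192.168.10.0/24 192.168.20.0/24
fi
```

One caveat a practitioner would want: this only enforces what the server forwards. If the client adds a route that sends traffic over a different interface entirely, those packets never cross the tunnel and no rule on the server sees them; the server can only police traffic that actually arrives on tun0.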
