Re: help needed in using vpnc in Debian Sarge

• Previous message: utanja: "Re: gnome-cups-icon (print notfication icon)"
• In reply to: H. S.: "Re: help needed in using vpnc in Debian Sarge"
• Next in thread: H. S.: "Re: help needed in using vpnc in Debian Sarge"
• Reply: H. S.: "Re: help needed in using vpnc in Debian Sarge"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: debian-user@lists.debian.org
Date: Fri, 28 Jan 2005 17:31:05 -0500

H. S. wrote:
> Apparently, _Adam Aube_, on 01/28/2005 03:25 PM,typed:
>> H. S. wrote:

>>>Problem seems to be solved. In my iptables script, I am using rules
>>>based on IP address of eth0. Now with vpn, my active device is tun0 and
>>>the firewall script doesn't know anything about that yet.

>>>Need to figure out how to do that dynamically. Maybe I can restart the
>>>iptables script after tun0 is up and do ifconfig in the script to get
>>>tun0's ipaddress as well and add it to the one of eth0, so that traffic
>>>through tun0 has similar rules as that through eth0. Suggestions?

>> Just allow traffic in/out of your tun0 interface (the -i and -o options,
>> respectively). iptables won't care if the interface isn't up yet when you
>> specify the rules.

> Actually, I made my iptables script based on Zielger's (spelling?) book.
> The rules there have -s and -d in addition to -i and -o, so the
> interface's IP address needs to be known. Now I am thinking that though
> this may be important if I am doing masquarading, but for
> non-masquarading machine just -i and -o are enough perhaps?

If you aren't using masquerading, then -i and -o alone are sufficient.

Adam

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: utanja: "Re: gnome-cups-icon (print notfication icon)"
• In reply to: H. S.: "Re: help needed in using vpnc in Debian Sarge"
• Next in thread: H. S.: "Re: help needed in using vpnc in Debian Sarge"
• Reply: H. S.: "Re: help needed in using vpnc in Debian Sarge"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Sunscreen issue ... Is there a way to specify different rules for different interface? ... Mail - You care about security. ... (SunManagers) Re: Quartus II infered latches ... it does not matter what intermediate signals or any ... statement or a selected signal assignment statement. ... the way you have to specify a don't care is to specify the ... (comp.lang.vhdl) Re: Quartus II infered latches ... it does not matter what intermediate signals or any ... statement or a selected signal assignment statement. ... the way you have to specify a don't care is to specify the ... (comp.lang.vhdl) Re: passive ftp problem ... echo " External Interface: $EXTIF" ... # If your Linux distribution came with a copy of iptables, ... Outgoing traffic from various internfaces. ... (comp.os.linux.security) Re: Share internet connection/make a small server ... iptables: ... Shutting down interface eth0: ... Shutting down interface eth1: ... (Fedora)