IPTABLES question, multiple rules
From: Hernán Freschi (hjf.usenet_at_hjf.com.ar)
Date: 04/21/05
Date: Thu, 21 Apr 2005 13:07:45 -0300
Hi, I have a question. I've set up a PPTP server with PoPToP for a VPN
server. This server will be shared among several customers, each one a
different company with many connections. So I'll have:
Clients 1, 2, 3, 4 belong to company A
Clients 5, 6, 7 and 8 belong to company B.
I'll assign, say, 10.10.1.1 to client 1, 10.10.1.2 to client 2, and so
on, basically 10.10.1.0/24 to company A, and 10.10.2.0/24 to company B.
All clients will connect to the same VPN server, but this server will
automatically assign the right IP address, based on the username. So, in
order to keep packets within each customer's network, I do something like:
iptables -P FORWARD DROP
iptables -A FORWARD -s 10.10.1.0/24 -d 10.10.1.0/24 -j ACCEPT
iptables -A FORWARD -s 10.10.2.0/24 -d 10.10.2.0/24 -j ACCEPT
iptables -A FORWARD -s 10.10.3.0/24 -d 10.10.3.0/24 -j ACCEPT
...
So for every company I add, I need a new rule. Is this the only way to
go, or is there an easier way to do this?
hjf
--
If it's stuck, force it. If it breaks, it needed to be replaced.
http://www.hjf.com.ar/
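
An added example, not part of the original post: a shell function that generates the per-company FORWARD rules shown above from a list of tenant numbers, and refuses malformed or duplicate entries so a bad entry cannot widen a rule. The function name `tenant_rules` and the mapping of tenant N to 10.10.N.0/24 are assumptions based on the addressing plan in the post; the commands are only printed for review, not applied.

```shell
#!/bin/sh
# Added example: print the per-tenant isolation rules from the post.
# Assumption: tenant N owns 10.10.N.0/24 (N = 1..255), as in the post's plan.
# Nothing is applied; review the output, then pipe it to "sh" as root.

tenant_rules() {
    seen=" "
    # Default-deny first, so any tenant without a rule cannot forward at all.
    out="iptables -P FORWARD DROP"
    for id in "$@"; do
        # Reject empty values, leading zeros, 4+ characters and non-digits,
        # so input such as "1.0/16" or "01" never reaches a rule.
        case "$id" in
            ''|0*|????*|*[!0-9]*)
                echo "rejected tenant id: '$id'" >&2
                return 1 ;;
        esac
        if [ "$id" -gt 255 ]; then
            echo "tenant id out of range: $id" >&2
            return 1
        fi
        # A repeated id usually means a typo in the tenant list.
        case "$seen" in
            *" $id "*)
                echo "duplicate tenant id: $id" >&2
                return 1 ;;
        esac
        seen="$seen$id "
        net="10.10.$id.0/24"
        # Source and destination are the same /24: traffic stays inside
        # one company and never crosses to another.
        out="$out
iptables -A FORWARD -s $net -d $net -j ACCEPT"
    done
    # Print only after every id has passed validation.
    printf '%s\n' "$out"
}

# Constructed sample: the three companies used in the post.
tenant_rules 1 2 3
```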