IPTABLES question, multiple rules.

From: Hernán Freschi (hjf.usenet_at_hjf.com.ar)
Date: 04/20/05


Date: Wed, 20 Apr 2005 15:07:24 -0300

Hi, I have a question. I've set up a PPTP server with PoPToP for a VPN
server. This server will be shared among several customers, each one a
different company with many connections. So i'll have:
CLIENTS 1, 2, 3, 4 belong to company A
clients 5, 6, 7 and 8 belong to company B.

I'll assign, say, 10.10.1.1 to client 1, 10.10.1.2 to client 2, and so
on, basically 10.10.1.0/24 to company A, and 10.10.2.0/24 to company B.

All clients will connect to the same VPN server, but this server will
automatically assign the right IP address, based on the username. So, in
order to keep packets within each customer's network, I do something like:

iptables -P FORWARD DROP

iptables -A FORWARD -s 10.10.1.0/24 -d 10.10.1.0/24 -j ACCEPT
iptables -A FORWARD -s 10.10.2.0/24 -d 10.10.2.0/24 -j ACCEPT
iptables -A FORWARD -s 10.10.3.0/24 -d 10.10.3.0/24 -j ACCEPT
...

So for every company I add, I need a new rule. Is this the only way to
go, or is there an easier way to do this?

hjf

-- 
Sí esta atascado, fuércelo. Sí se rompe, es que necesitaba ser reemplazado.
http://www.hjf.com.ar/