IPTABLES question, multiple rules.
From: Hernán Freschi (hjf.usenet_at_hjf.com.ar)
Date: 04/20/05
- Next message: JDS: "Re: FC2 versus FC3 -- my own experiences"
- Previous message: Ivan Marsh: "Re: FC2 versus FC3 -- my own experiences"
- Next in thread: Hrvoje Spoljar: "Re: IPTABLES question, multiple rules."
- Reply: Hrvoje Spoljar: "Re: IPTABLES question, multiple rules."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 20 Apr 2005 15:07:24 -0300
Hi, I have a question. I've set up a PPTP server with PoPToP for a VPN
server. This server will be shared among several customers, each one a
different company with many connections. So i'll have:
CLIENTS 1, 2, 3, 4 belong to company A
clients 5, 6, 7 and 8 belong to company B.
I'll assign, say, 10.10.1.1 to client 1, 10.10.1.2 to client 2, and so
on, basically 10.10.1.0/24 to company A, and 10.10.2.0/24 to company B.
All clients will connect to the same VPN server, but this server will
automatically assign the right IP address, based on the username. So, in
order to keep packets within each customer's network, I do something like:
iptables -P FORWARD DROP
iptables -A FORWARD -s 10.10.1.0/24 -d 10.10.1.0/24 -j ACCEPT
iptables -A FORWARD -s 10.10.2.0/24 -d 10.10.2.0/24 -j ACCEPT
iptables -A FORWARD -s 10.10.3.0/24 -d 10.10.3.0/24 -j ACCEPT
...
So for every company I add, I need a new rule. Is this the only way to
go, or is there an easier way to do this?
hjf
-- Sí esta atascado, fuércelo. Sí se rompe, es que necesitaba ser reemplazado. http://www.hjf.com.ar/
- Next message: JDS: "Re: FC2 versus FC3 -- my own experiences"
- Previous message: Ivan Marsh: "Re: FC2 versus FC3 -- my own experiences"
- Next in thread: Hrvoje Spoljar: "Re: IPTABLES question, multiple rules."
- Reply: Hrvoje Spoljar: "Re: IPTABLES question, multiple rules."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
