[ale] Iptables with vpn

Pat Regan thehead at patshead.com
Thu Oct 16 14:59:21 EDT 2008


Chris Fowler wrote:
> I've got my VPN working well and I want to test something unique.

It doesn't sound too unique.  :)

> What I'm trying to accomplish is the ability to lock down a client to
> use a specific gateway(s).  If that client decides to manually
> add a route because they know where other stuff is located,  I do
> not want the Linux kernel to route those packets to other gateways.

I have a feeling you are making it more complicated than it has to be.
You probably don't want to be writing the firewall rules to allow
traversal of specific gateways.  You probably want to allow traversal to
specific subnets.

If I understand correctly you want to make a single rule that says
something like "allow access to all subnets behind route x."  You'll
have a much easier time if you just whitelist the subnets and not worry
about the routes.

> Confusing?

You tell me :).  If I'm correct about what you're trying to do, then I
don't think it was confusing.

Pat
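An iptables version of the subnet-whitelist approach described above, added here as an example and not code from the original thread. It assumes the VPN server forwards client traffic over a tunnel interface named tun0 (overridable via VPN_IF) and that the client's tunnel address and the permitted subnets are passed in as arguments; because the match is on the destination address in the server's FORWARD chain, a route the client adds on its own machine changes nothing.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment that lets one VPN client
# reach only a whitelist of destination subnets. Packets the client sends
# through the tunnel to anything else are logged (rate limited) and dropped,
# regardless of what routes the client has configured locally.

VPN_IF="${VPN_IF:-tun0}"   # assumption: tunnel interface on the VPN server

# gen_rules CLIENT_TUNNEL_IP SUBNET [SUBNET...]
# Prints the rules; review them, then apply with: gen_rules ... | iptables-restore -n
gen_rules() {
    [ "$#" -ge 2 ] || { echo "usage: gen_rules CLIENT_IP SUBNET..." >&2; return 1; }
    client="$1"; shift
    printf '%s\n' '*filter'
    printf '%s\n' ':FORWARD DROP [0:0]'        # default deny for forwarded traffic
    printf '%s\n' ':VPN_CLIENT - [0:0]'        # whitelist chain for this client
    # Replies flowing back toward the client for connections it opened
    printf '%s\n' "-A FORWARD -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Everything this client originates is judged by the whitelist chain
    printf '%s\n' "-A FORWARD -i $VPN_IF -s $client -j VPN_CLIENT"
    for net in "$@"; do
        case "$net" in
            */*) printf '%s\n' "-A VPN_CLIENT -d $net -j ACCEPT" ;;
            *)   echo "gen_rules: '$net' is not in CIDR form" >&2; return 1 ;;
        esac
    done
    # Anything not whitelisted: make the attempt visible in the log, then drop it
    printf '%s\n' '-A VPN_CLIENT -m limit --limit 5/min -j LOG --log-prefix "vpn-whitelist-drop: "'
    printf '%s\n' '-A VPN_CLIENT -j DROP'
    printf '%s\n' 'COMMIT'
}
```

This only governs traffic that actually enters the tunnel; if the client routes a destination outside the VPN, the server never sees those packets, so the whitelist is a control on what the VPN will carry, not on the client's routing table.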
