Windows VPN client behind linux firewall

James McDonald james
Tue Aug 1 22:05:36 PDT 2006


>
> try these rules (assume eth0 is Internet, eth1 is LAN):
> $IPT -I INPUT -m state --state NEW,RELATED,ESTABLISHED -i ! eth0 -j ACCEPT
> $IPT -I INPUT -m state --state RELATED,ESTABLISHED -i eth0 -j ACCEPT
> $IPT -I FORWARD -m state --state NEW,RELATED,ESTABLISHED -i ! eth0 -j ACCEPT
> $IPT -I FORWARD -m state --state RELATED,ESTABLISHED -i eth0 -j ACCEPT
> $IPT -I INPUT -m state --state NEW,INVALID -i eth0 -j DROP
> $IPT -I FORWARD -m state --state NEW,INVALID -i eth0 -j DROP

The NAT rule on my fwbuilder.org firewall script includes the following
for NATing, along with the code David has stated above.

$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_INT -s $INTERNAL_NET -j SNAT --to-source $EXTERNAL_INT_IP

where EXTERNAL_INT is the external interface (in my case ppp0),
INTERNAL_NET is the internal network address in CIDR notation (e.g.
192.168.1.0/24),
and EXTERNAL_INT_IP is the external interface IP address.




-- 
James McDonald
Telarah NSW Australia
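
The filter rules quoted above and the SNAT rule from this message, combined into one script as an added example (not code from either poster). It assumes one external interface, EXT_IF, for both rule sets, writes the negation in the current `! -i` form, and prints the commands unless IPT=iptables is set; 203.0.113.10 is a constructed placeholder and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed.
EXT_IF="${EXT_IF:-ppp0}"              # external interface (ppp0 in the post)
INT_NET="${INT_NET:-192.168.1.0/24}"  # internal network in CIDR notation
EXT_IP="${EXT_IP:-203.0.113.10}"      # constructed placeholder address
IPT="${IPT:-echo iptables}"           # set IPT=iptables (as root) to apply

# Succeeds only for a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                         # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for address/prefix with a prefix length in 0..32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    prefix=${1#*/}
    case "$prefix" in ""|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] && valid_ipv4 "${1%%/*}"
}

# Refuses to emit anything if an address variable is malformed, so a typo
# cannot leave a half-applied ruleset.
firewall_rules() {
    valid_cidr "$INT_NET" || { echo "bad INTERNAL_NET: $INT_NET" >&2; return 1; }
    valid_ipv4 "$EXT_IP" || { echo "bad EXTERNAL_INT_IP: $EXT_IP" >&2; return 1; }
    for chain in INPUT FORWARD; do
        # -I inserts at the top of the chain, so the rule inserted last
        # (the DROP) is the one evaluated first.
        $IPT -I "$chain" -m state --state NEW,RELATED,ESTABLISHED ! -i "$EXT_IF" -j ACCEPT
        $IPT -I "$chain" -m state --state RELATED,ESTABLISHED -i "$EXT_IF" -j ACCEPT
        $IPT -I "$chain" -m state --state NEW,INVALID -i "$EXT_IF" -j DROP
    done
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$INT_NET" -j SNAT --to-source "$EXT_IP"
}

firewall_rules
```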


