From: /dev/null (dev-null@home.com)
Date: Thu Feb 01 2001 - 14:00:46 PST
Slackware 7.1
2.2.16 kernel
486DX-66
12M RAM
2 NICs, eth0 - Internet, eth1 - lan.
I have one box on my lan that uses some special "VPN" (may not be the right
word) software that basically wraps && encrypts _all_ socket activity and
sends it to a portal box on the Internet. That portal in turn decrypts and
puts all the packets on the corporate wan. This way it looks as if my box
is sitting inside the corporate wan.
I have the exact IP addresses of the portal (and its backup) that my local
box connects to. Right now my config allows the "connect" packets to go out
to the portal, but the portal's response is blocked from coming into my
local lan.
It looks to me like this command is what I need:
ipchains -A input -s aaa.bbb.ccc.ddd -d $OUTERNET -j ACCEPT
I think I need to put one entry per IP address, replacing the aaa.... with
the actual IP. Am I right?
What if I further want to only allow access to certain ports, but at this
time I don't know what these ports are? Where can I go to (1) turn the
logging on for this particular connection and (2) read the logs to figure
out what ports are being used so I can come back and modify my ACCEPT
commands to only allow those ports?
Thanks!
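An added example (not from the original post or the pmfirewall project) covering the three things asked about: one logged ACCEPT rule per portal address using the ipchains -l flag, an awk pass over the resulting kernel log lines to list which portal ports were actually used, and the tightened per-port rules derived from them. The portal addresses, the $OUTERNET value and the log lines are constructed placeholders, the -i eth0 restriction to the Internet NIC is an addition to the rule quoted in the post, and the 2.2-kernel ipchains log layout is assumed.

```shell
#!/bin/sh
# Added example, not from the original post; constructed placeholder addresses.
PORTAL_IPS="192.0.2.10 192.0.2.11"   # constructed: portal and backup portal
OUTERNET="203.0.113.5"               # constructed: stands in for $OUTERNET

# Step 1: one ACCEPT rule per portal address, restricted to the Internet NIC
# (-i eth0) and logged with -l so the ports show up in the kernel log.
logging_rules() {
    for ip in $PORTAL_IPS; do
        echo "ipchains -A input -i eth0 -s $ip -d $OUTERNET -j ACCEPT -l"
    done
}

# Step 2: read the logged portal replies back out of the syslog file given as
# $1 and print unique "proto src_ip src_port" triples (PROTO=6 tcp, 17 udp).
# Assumes the 2.2 ipchains log layout:
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
used_ports() {
    awk -v portals="$PORTAL_IPS" '
        BEGIN { n = split(portals, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        /Packet log: input ACCEPT/ {
            src = ""; for (f = 1; f <= NF; f++) if ($f ~ /^PROTO=/) { proto = substr($f, 7); src = $(f + 1) }
            split(src, a, ":")
            if (want[a[1]]) seen[proto " " a[1] " " a[2]] = 1
        }
        END { for (k in seen) print k }' "$1" | sort
}

# Step 3: turn what was observed into per-port ACCEPT rules, logging off.
tightened_rules() {
    used_ports "$1" | while read proto ip port; do
        case $proto in 6) name=tcp ;; 17) name=udp ;; *) name=$proto ;; esac
        echo "ipchains -A input -i eth0 -p $name -s $ip $port -d $OUTERNET -j ACCEPT"
    done
}

# Constructed sample /var/log/messages lines (written to $1) for a dry run.
write_sample() {
    cat > "$1" <<'EOF'
Feb  1 14:00:46 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.10:443 203.0.113.5:1025 L=60 S=0x00 I=0 F=0x4000 T=52 SYN (#1)
Feb  1 14:00:47 fw kernel: Packet log: input ACCEPT eth0 PROTO=17 192.0.2.11:500 203.0.113.5:500 L=120 S=0x00 I=1 F=0x0000 T=52 (#2)
Feb  1 14:00:48 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.10:443 203.0.113.5:1025 L=52 S=0x00 I=2 F=0x4000 T=52 (#1)
Feb  1 14:00:49 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.9:6000 203.0.113.5:1026 L=60 S=0x00 I=3 F=0x4000 T=48 SYN (#3)
EOF
}

SAMPLE=$(mktemp)
write_sample "$SAMPLE"
tightened_rules "$SAMPLE"
rm -f "$SAMPLE"
```

Only the two portal replies that matched an ACCEPT rule are turned into rules; the DENY line and the non-portal source are ignored.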
This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:39:13 PDT