This seems very decent now!
Looks like if I drop these it won't work. So I changed it to just catch packets coming from the Cisco PIX public IP at the other end:
Weird: protocols 50 and 51 are theoretically IPv6 related, oh well.
This next one could probably also contain a "-o $VIRTUALVPNINTERFACE":
# exempt LAN -> remote-LAN traffic from NAT (ACCEPT ends POSTROUTING processing for it)
$IPTABLES -t nat -A POSTROUTING -s $INTNET -d $FBCMEDIA -j ACCEPT
and that's about it - seems real nice now.
(now to get my own CentOS4-to-CentOS4 VPN working...)
Cheers, MaZe.
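As an added example (not MaZe's own rules or anything quoted from the post), here is the kind of rule set the post is converging on, written as a shell script in the same $IPTABLES-variable style. IP protocols 50 and 51 are IPsec ESP and AH, which is why they turn up next to IKE on UDP/500 when you terminate a PIX tunnel. The script assumes a remote-peer variable $PIXPUBLIC and an external interface $EXTIF, neither of which appears in the post, and all addresses are constructed placeholders. What it demonstrates is the ordering the post's POSTROUTING ACCEPT line silently depends on: that exemption has to be appended before the MASQUERADE rule, because MASQUERADE is terminating and a later ACCEPT would never be reached.

```shell
#!/bin/sh
# Added example, not from the original post. Variables taken from the post:
# IPTABLES, INTNET, FBCMEDIA, VIRTUALVPNINTERFACE. Assumed here: PIXPUBLIC
# (remote PIX outside address) and EXTIF (our Internet-facing interface).
# All addresses below are constructed placeholders.

IPTABLES=${IPTABLES:-iptables}
EXTIF=${EXTIF:-eth0}
VIRTUALVPNINTERFACE=${VIRTUALVPNINTERFACE:-ipsec0}
INTNET=${INTNET:-192.168.1.0/24}     # our LAN
FBCMEDIA=${FBCMEDIA:-10.20.0.0/16}   # remote LAN behind the PIX
PIXPUBLIC=${PIXPUBLIC:-203.0.113.7}  # remote PIX public IP (assumed variable)

# run: execute the rule, or just print it when DRY_RUN=1 so the rule order
# can be inspected (and tested) on a box without root or iptables.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Filter rules: accept IKE (UDP/500), ESP (IP proto 50) and AH (IP proto 51)
# only from the one peer we talk to, instead of from anywhere on $EXTIF.
# NAT-T (UDP/4500) is only needed when a NAT sits between the peers; omitted.
vpn_filter_rules() {
    run $IPTABLES -A INPUT -i "$EXTIF" -s "$PIXPUBLIC" -p udp --dport 500 -j ACCEPT
    run $IPTABLES -A INPUT -i "$EXTIF" -s "$PIXPUBLIC" -p 50 -j ACCEPT
    run $IPTABLES -A INPUT -i "$EXTIF" -s "$PIXPUBLIC" -p 51 -j ACCEPT
}

# NAT rules: POSTROUTING is walked top-down and both ACCEPT and MASQUERADE are
# terminating, so the LAN -> remote-LAN exemption must be appended BEFORE the
# MASQUERADE. Appended after it, the packet would already be source-NATed to
# the $EXTIF address and the ACCEPT would never be consulted.
# With a KLIPS-style ipsec0 device the exemption can be pinned with
# -o "$VIRTUALVPNINTERFACE"; with native 2.6 (netkey) IPsec the packet leaves
# via $EXTIF, so the -s/-d match alone is what keeps it out of the MASQUERADE.
vpn_nat_rules() {
    run $IPTABLES -t nat -A POSTROUTING -s "$INTNET" -d "$FBCMEDIA" -j ACCEPT
    run $IPTABLES -t nat -A POSTROUTING -s "$INTNET" -o "$EXTIF" -j MASQUERADE
}

# Sanity check on a generated rule list read from stdin: exit 0 when the
# POSTROUTING ACCEPT comes before the MASQUERADE, 1 otherwise.
nat_order_ok() {
    awk '/POSTROUTING/ && /-j ACCEPT/ && !a { a = NR }
         /MASQUERADE/ && !m { m = NR }
         END { exit !(a && m && a < m) }'
}

# Usage: DRY_RUN=1 sh thisfile.sh   prints the rules; without DRY_RUN it
# applies them (needs root). Only runs when executed directly, not when sourced.
if [ "${0##*/}" = "vpnrules.sh" ]; then
    vpn_filter_rules
    vpn_nat_rules
fi
```

Run it once with DRY_RUN=1 and pipe the NAT part through nat_order_ok before you ever load it on a live box; the check catches the one mistake that makes the post's ACCEPT line do nothing, which is having the MASQUERADE appended first by an earlier part of the firewall script.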