[CentOS] Still VPN
Simone
simone72 at email.it
Fri May 27 15:14:41 UTC 2005
Yes, unfortunately I can :)
This is tricky, isn't it? It could be a security hole, I think, so I'll
do some more googling around and see if I can find anything related.
If I do, I will share it.
Btw, the VPN is up and running, thanks to your help.
[root at srvgwvpn01 simone]# /sbin/ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet xxx.xxx.xxx.xxx/28 brd xxx.xxx.xxx.xxx scope global eth0
5: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
Have a nice day
Simone
Maciej Żenczykowski wrote:
> Can you verify that indeed the "ip addr" command shows no virtual
> interfaces?
>
> Cheers,
> MaZe
>
> On Fri, 27 May 2005, Simone wrote:
>
>> Hi, still trying to understand one thing. I would definitely like to
>> tell iptables to accept all packets coming from the remote vpn only if
>> they hit the $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not
>> working, looks like the ipsec0 device doesn't exist or it is not
>> recognized. I read on the Openswan users list that Linux kernel 2.6
>> native ipsec doesn't create an ipsec* interface (if I am not wrong this is
>> something backported to kernel 2.4 in RHEL3), it just adds a route to the remote
>> network through eth0, so if I want to ssh to the vpn server on its
>> internal ip from the other side of the vpn I need
>>
>> $IPTABLES -A INPUT -i *$EXTIF* -s $MYEXTNETWORK -d $INTIP -p tcp -m
>> tcp --dport 22 -j ACCEPT
>>
>> and this is true for any other rule I would use ipsec0 in, I have to
>> use $EXTIF.
>>
>> Even if I am going to set sshd to listen on a different port, I am a
>> little worried this could harm my machine in any way.
>>
>> Comments are welcome
>>
>> Have a nice day
>> Simone
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
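An added example, not code from this thread, showing one way to tie the ssh rule from the quoted post to the tunnel itself on a 2.6 kernel that has no ipsec0 device: the iptables `policy` match (assumed to be available in this kernel and iptables build) accepts the packet only if it was decapsulated by an IPsec SA, so a clear-text packet arriving on eth0 with a forged $MYEXTNETWORK source address no longer matches. The remote subnet and peer gateway addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the kernel/iptables on the
# gateway support the "policy" match (xt_policy / ipt_policy).

IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-eth0}                        # external interface, as in the thread
MYEXTNETWORK=${MYEXTNETWORK:-10.1.0.0/24}   # remote VPN subnet (constructed value)
INTIP=${INTIP:-192.168.0.1}                 # gateway's internal IP (from "ip addr")
PEER=${PEER:-203.0.113.2}                   # remote gateway's public IP (constructed value)

# Every rule still names $EXTIF, because native 2.6 IPsec has no ipsec0, but
# "-m policy --dir in --pol ipsec" narrows the match to packets that came out
# of an IPsec SA, which is what "-i ipsec0" used to express.
vpn_input_rules() {
    # 1. the traffic that carries the tunnel itself: IKE and ESP from the peer
    #    (add udp 4500 as well if NAT traversal is in use)
    $IPTABLES -A INPUT -i "$EXTIF" -s "$PEER" -p udp --dport 500 -j ACCEPT
    $IPTABLES -A INPUT -i "$EXTIF" -s "$PEER" -p esp -j ACCEPT
    # 2. ssh to the internal address, only after IPsec decapsulation from $PEER
    $IPTABLES -A INPUT -i "$EXTIF" -s "$MYEXTNETWORK" -d "$INTIP" \
        -m policy --dir in --pol ipsec --proto esp --mode tunnel \
        --tunnel-src "$PEER" \
        -p tcp --dport 22 -j ACCEPT
    # 3. anything claiming the remote subnet as source without IPsec is dropped
    $IPTABLES -A INPUT -i "$EXTIF" -s "$MYEXTNETWORK" \
        -m policy --dir in --pol none -j DROP
}

# Dry run by default (prints the rules); pass --apply from the firewall script
# to install them for real.
if [ "${1:-}" = "--apply" ]; then
    vpn_input_rules
else
    ( IPTABLES=echo; vpn_input_rules )
fi
```

Check the result with `iptables -L INPUT -v -n`: the ssh rule's counters should move only for connections coming through the tunnel, and the DROP rule's counters show any clear-text packets spoofing the remote subnet.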