Dave Scott, 2002-Mar-06 02:03 -0800:
> Question on Kernel 2.4.18 and Netfilter
>
> Is there any way to forward GRE packets through Netfilter to a specific
> Server behind the firewall?
>
> Also, can you have multiple GRE connections through the firewall at any
> given time?
>
> -Dave

Dave,

You ought to be able to forward based on the protocol number (47). I don't know about the multiple connections. I'm guessing here:

    # DNAT (nat table) rewrites the destination; -p 47 is GRE
    iptables -t nat -A PREROUTING -i $INETIF -p 47 -j DNAT --to-destination 10.10.10.10

However, consider the security issues:

- you should consider terminating the tunnel at the firewall, then letting the firewall handle the packets from there
- GRE has no data encryption, so consider encryption prior to GRE encapsulation
- if not encrypted, anyone can read the data in the packet
- if the MTU and Fragmentation settings are not set properly, DoS attacks (whether intentional or inadvertent) are possible

--
Jeff Coppock
Systems Engineer
Diggin' Debian Admin and User
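
Added example, not part of the original thread: a dry-run generator for the rules the forwarding idea above needs once it is limited to known remote tunnel endpoints, with the ICMP rule tied to the MTU point in the reply. The interface name, the peer addresses and the function names are assumptions made for illustration; every argument is validated before it reaches the rule text, and nothing is applied to the running firewall.

```shell
#!/bin/sh
# Added example: prints iptables rules for forwarding GRE (IP protocol 47)
# to one internal server, limited to known remote peers. Nothing is applied.
# Interface, server and peer values are constructed samples.

# Accept only dotted-quad IPv4, so nothing else reaches the rule text.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gre_forward_rules INETIF SERVER PEER [PEER...]
gre_forward_rules() {
    inetif=$1; server=$2; shift 2
    case $inetif in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    is_ipv4 "$server" || { echo "bad server address" >&2; return 1; }
    [ $# -ge 1 ] || { echo "need at least one peer" >&2; return 1; }
    # Validate every peer first so a bad one never yields a partial rule set.
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "bad peer: $peer" >&2; return 1; }
    done
    for peer in "$@"; do
        # DNAT lives in the nat table and carries --to-destination.
        echo "iptables -t nat -A PREROUTING -i $inetif -s $peer -p 47 -j DNAT --to-destination $server"
        # Rewritten packets still have to pass the filter table, both ways.
        echo "iptables -A FORWARD -i $inetif -s $peer -d $server -p 47 -j ACCEPT"
        echo "iptables -A FORWARD -o $inetif -s $server -d $peer -p 47 -j ACCEPT"
    done
    # Let ICMP "fragmentation needed" errors tied to a tracked tunnel through,
    # so path MTU discovery keeps working for the encapsulated traffic.
    echo "iptables -A FORWARD -d $server -p icmp --icmp-type fragmentation-needed -m state --state RELATED -j ACCEPT"
    # GRE from any other source is dropped.
    echo "iptables -A FORWARD -p 47 -j DROP"
}

if [ "${1:-}" = "--print" ]; then
    gre_forward_rules eth0 10.10.10.10 192.0.2.20 198.51.100.7
fi
```

Review the printed rules before piping them to a root shell; the final DROP only has an effect if no earlier FORWARD rule already accepts protocol 47.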