At 02:56 PM 8/15/02 -0500, Joey Officer wrote:
>In my situation, I have to allow someone in from an outside source. I
>already have IPSec in place, but they are not using any sort of IPSec
>gateway/tunneling. How do I allow incoming connections from an outside
>source (I'll know the IP) to an internal machine. I assume this is using
>some sort of IP forwarding.
>
>I'm in a little bit of a bind and would really appreciate a quick response!

Exactly how you do this depends on what service is involved and what version of LEAF you are running.

With ipchains and ipmasqadm, you can't port-forward ALL ports to an internal host for traffic from a specific source address. With iptables, I *think* you actually can do this, though I haven't tried myself ... I wouldn't recommend it, though, because doing this is effectively turning off your firewalling for all traffic from that address, including traffic that contains unencrypted passwords.

The simplest way to allow access that is safe is to use ssh on a non-standard port. Have the router forward traffic from that port to sshd running (probably on the normal port 22) on the internal host. Again, the details vary with LEAF version, since they use slightly different configuration files and different kernel versions (hence, ipchains or iptables).

BTW, we are not "LRP support" here. We are LEAF support.

--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                        -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
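
The port-forward recommended in the reply above, written as raw iptables rules for one known source address. This is an added example, not part of the original message and not LEAF's own configuration files; the interface name `eth0`, external port 2222 and all addresses are constructed placeholders, and the function only prints the rules for review rather than applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that forward one
# non-standard external port to sshd on an internal host, for ONE source only.
# Interface, port and addresses below are constructed placeholders.

is_ipv4() {
    # Dotted quad, each octet numeric and 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_ssh_forward_rules() {
    ext_if=$1 src=$2 ext_port=$3 int_host=$4
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    is_ipv4 "$src"      || { echo "bad source address: $src" >&2; return 1; }
    is_ipv4 "$int_host" || { echo "bad internal host: $int_host" >&2; return 1; }
    is_port "$ext_port" || { echo "bad port: $ext_port" >&2; return 1; }
    # The reply's advice is a non-standard external port, so refuse 22.
    [ "$ext_port" -ne 22 ] || { echo "use a non-standard external port" >&2; return 1; }

    # Rewrite the destination only for this interface, source and port.
    echo "iptables -t nat -A PREROUTING -i $ext_if -s $src -p tcp --dport $ext_port -j DNAT --to-destination $int_host:22"
    # Allow the rewritten connection through FORWARD, still limited to the source.
    echo "iptables -A FORWARD -i $ext_if -s $src -d $int_host -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT"
    # Allow sshd's replies back out to that source.
    echo "iptables -A FORWARD -o $ext_if -s $int_host -d $src -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT"
}

# Constructed sample invocation: remote party 203.0.113.10, internal sshd host
# 192.168.1.10, external port 2222.
gen_ssh_forward_rules eth0 203.0.113.10 2222 192.168.1.10
```

Every rule carries `-s` with the single remote address and a single TCP port, so the rest of the firewall policy stays in force for that source, which is the distinction the reply draws against forwarding all ports.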