I'm in my first week with iptables, so I'm still on thin ice regarding iptables and rules.
I've successfully put up a gateway server with 3 NICs (1 internet, 2 internal, 0 dmz), a functioning freeswan/ipsec solution and dhcpd/djbdns/vpopmail/sshd on this server. From internet, I can access the server's services ssh/dns/pop/imap/smtp, and the same from internal LAN. Through ipsec, I can reach the services on the internal LANs, but I can't ssh directly to either of the internal LAN interfaces, or as in this case reach the dnscache through ipsec.

eth0 - external
eth1 - internal1 - MASQ eth0
eth2 - internal2 - MASQ eth0
ipsec0 - eth0

Feb 27 20:05:20 mail kernel: SuSE-FW-UNALLOWED-TARGET IN=ipsec0 OUT= MAC=00:d0:b7:88:68:fa:00:d0:b7:1e:00:5d:08:00 SRC=193.100.10.5 DST=10.0.0.1 LEN=73 TOS=0x10 PREC=0x00 TTL=127 ID=32247 PROTO=UDP SPT=3406 DPT=53 LEN=53

Could anyone please help me with an iptables option to allow everything on the server from a specific IP address/range on the ipsec0 interface?

regards
--
Einar Bordewich
einar (at) bordewich.NET
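The rule the post asks for, as an added example that is not part of the original mail: a small POSIX sh script that reads the fields out of the SuSE-FW log line quoted above and emits the matching iptables ACCEPT rule, plus two helpers for the broad "everything from this range on ipsec0" rule and a narrower per-service variant. Assumptions: the remote LAN behind the tunnel is 193.100.10.0/24 (only the single host 193.100.10.5 appears in the log), the interface name ipsec0 and the kernel log format are as shown in the post, and the ruleset uses the 2.4-era `state` match. The script only prints the commands unless `APPLY=1` is set, so it can be reviewed before touching a live gateway. Note that SuSEfirewall2 regenerates its chains when it is restarted, so a rule inserted by hand is lost at that point; the durable fix is its own trusted-network setting (FW_TRUSTED_NETS in the SuSEfirewall2 config, whose exact file location depends on the SuSE version) or its custom-rules hook.

```shell
#!/bin/sh
# Added example (not from the original post): derive iptables ACCEPT rules for
# traffic arriving on the IPsec interface from a trusted source.
# Assumed values: remote range 193.100.10.0/24, interface ipsec0 (from the log).

# Print each iptables command instead of running it unless APPLY=1 is set.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# log_field LINE KEY : value of KEY=... in a netfilter LOG line (first match;
# LEN appears twice, once for IP and once for UDP).
log_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n1
}

# rule_from_log LINE : the narrowest rule that would have accepted this packet
# (interface, source host, protocol and destination port). ICMP has no DPT, so
# the port match is omitted when the field is absent.
rule_from_log() {
    line=$1
    in=$(log_field "$line" IN)
    src=$(log_field "$line" SRC)
    proto=$(log_field "$line" PROTO | tr 'A-Z' 'a-z')
    dpt=$(log_field "$line" DPT)
    if [ -n "$dpt" ]; then
        run iptables -I INPUT -i "$in" -s "$src" -p "$proto" --dport "$dpt" -j ACCEPT
    else
        run iptables -I INPUT -i "$in" -s "$src" -p "$proto" -j ACCEPT
    fi
}

# vpn_allow_all IFACE NET : what the post asks for, everything from NET on IFACE.
# -I puts the rule in front of the distribution's LOG/DROP rules that produced
# SuSE-FW-UNALLOWED-TARGET; -A would land behind them and never be reached.
vpn_allow_all() {
    run iptables -I INPUT -i "$1" -s "$2" -j ACCEPT
}

# vpn_allow_services IFACE NET PORT... : narrower variant, only the listed
# TCP/UDP ports (53 for dnscache, 22 for sshd) plus reply traffic.
vpn_allow_services() {
    iface=$1; net=$2; shift 2
    run iptables -I INPUT -i "$iface" -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in "$@"; do
        run iptables -I INPUT -i "$iface" -s "$net" -p udp --dport "$port" -j ACCEPT
        run iptables -I INPUT -i "$iface" -s "$net" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

# Constructed copy of the log line from the post, used as sample input.
LOG='Feb 27 20:05:20 mail kernel: SuSE-FW-UNALLOWED-TARGET IN=ipsec0 OUT= MAC=00:d0:b7:88:68:fa:00:d0:b7:1e:00:5d:08:00 SRC=193.100.10.5 DST=10.0.0.1 LEN=73 TOS=0x10 PREC=0x00 TTL=127 ID=32247 PROTO=UDP SPT=3406 DPT=53 LEN=53'

# Dry-run output: the rule for the logged packet, the broad rule, then the
# per-service rules for dnscache and sshd.
rule_from_log "$LOG"
vpn_allow_all ipsec0 193.100.10.0/24
vpn_allow_services ipsec0 193.100.10.0/24 53 22
```

Run it once without `APPLY` to see the generated commands, and with `APPLY=1` as root to insert them; the per-service form is the one to prefer once it is clear which services the tunnel peers actually need, since "allow everything" from the remote range also exposes anything else listening on the gateway.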
