Mumia Paduille & others,

mp> ... iptables ... might go something like this ...

Thanks! This is my instance, not yet tested.

#=========
# Configuration of iptables at either end of an openvpn tunnel
# configured to use port 4122. Packets entering the tunnel
# are redirected to port 22, which is shared with ssh. Packets
# exiting the tunnel are redirected back to 4122.
# <tunnel> is 10.4.0.1 on one end and 10.4.0.2 on the other.
#
# Outgoing packets converge onto port 22.
iptables -t nat -A POSTROUTING -p tcp -s <tunnel> --sport 4122 -j REDIRECT --to-port 22
#
# Incoming packets diverge according to the source address.
# Packets from <tunnel> go to 4122. All other port 22 packets
# are undisturbed.
iptables -t nat -A PREROUTING -p tcp -s <tunnel> --sport 22 -j REDIRECT --to-port 4122
#=========

Does that seem reasonable?

My remaining concerns involve interactions of openvpn, tun, ipmasq & iptables.

* Should I remove ipmasq and try to achieve LAN routing with iptables, as explained under Routing in man openvpn? Or is routing best left to ipmasq?
* Where does tun operate? Does it use iptables? Does it work independently between routing and the interface?
* Will iptables recognize the tunnel address in the rules above?

I am trying to resolve some of the questions before spending hours with trial and error.

Thanks for any answers, comments and suggestions, ... Peter E.

Desktops.OpenDoc http://carnot.yi.org/
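A static pre-flight check for the two draft rules in the message above, added here as an example and not part of the original post. It flags REDIRECT used outside the chains where iptables-extensions(8) documents it as valid (nat PREROUTING and OUTPUT) and any <placeholder> still left unfilled. The function names lint_nat_rules and draft_rules are made up for this example.

```shell
#!/bin/sh
# Static pre-flight check for draft iptables rules (added example).
# Basis: iptables-extensions(8) documents REDIRECT as valid only in the nat
# table, in PREROUTING and OUTPUT or user chains called from those.

# Reads iptables command lines on stdin, prints one finding per line,
# and returns 1 if anything was flagged.
lint_nat_rules() {
    lineno=0 findings=0
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        case $line in ''|'#'*) continue ;; esac
        table=filter chain='' target='' prev=''
        set -f                              # no globbing while word-splitting
        for word in $line; do
            case $prev in
                -t|--table)  table=$word ;;
                -A|-I|--append|--insert) chain=$word ;;
                -j|--jump)   target=$word ;;
            esac
            case $word in
                '<'*'>') echo "line $lineno: unresolved placeholder $word"
                         findings=$((findings + 1)) ;;
            esac
            prev=$word
        done
        set +f
        [ "$target" = REDIRECT ] || continue
        case $table/$chain in
            nat/PREROUTING|nat/OUTPUT) ;;   # documented as valid
            nat/INPUT|nat/POSTROUTING|filter/*|mangle/*|raw/*)
                echo "line $lineno: REDIRECT not valid in $table/$chain"
                findings=$((findings + 1)) ;;
        esac                                # user chains in nat: not judged
    done
    [ "$findings" -eq 0 ]
}

# The two draft rules from the message above (commands unchanged).
draft_rules() {
    cat <<'EOF'
# Outgoing packets converge onto port 22.
iptables -t nat -A POSTROUTING -p tcp -s <tunnel> --sport 4122 -j REDIRECT --to-port 22
# Incoming packets diverge according to the source address.
iptables -t nat -A PREROUTING -p tcp -s <tunnel> --sport 22 -j REDIRECT --to-port 4122
EOF
}

draft_rules | lint_nat_rules || true
```

Running this before loading the rules catches what the kernel would otherwise reject at load time; it does not check whether the match criteria select the intended packets.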