IPTABLES question, multiple rules. - Linux


  1. IPTABLES question, multiple rules.

    Hi, I have a question. I've set up a PPTP server with PoPToP for a VPN
    server. This server will be shared among several customers, each one a
    different company with many connections. So I'll have:
    CLIENTS 1, 2, 3, 4 belong to company A
    clients 5, 6, 7 and 8 belong to company B.

    I'll assign, say, 10.10.1.1 to client 1, 10.10.1.2 to client 2, and so
    on, basically 10.10.1.0/24 to company A, and 10.10.2.0/24 to company B.

    All clients will connect to the same VPN server, but this server will
    automatically assign the right IP address, based on the username. So, in
    order to keep packets within each customer's network, I do something like:

    iptables -P FORWARD DROP

    iptables -A FORWARD -s 10.10.1.0/24 -d 10.10.1.0/24 -j ACCEPT
    iptables -A FORWARD -s 10.10.2.0/24 -d 10.10.2.0/24 -j ACCEPT
    iptables -A FORWARD -s 10.10.3.0/24 -d 10.10.3.0/24 -j ACCEPT
    ....


    So for every company I add, I need a new rule. Is this the only way to
    go, or is there an easier way to do this?


    hjf

    --
    If it's stuck, force it. If it breaks, it needed replacing anyway.

    http://www.hjf.com.ar/

  2. Re: IPTABLES question, multiple rules.

    Hernán Freschi writes on comp.os.linux:
    > Hi, I have a question. I've set up a PPTP server with PoPToP for a VPN
    > server. This server will be shared among several customers, each one a
    > different company with many connections. So I'll have:
    > CLIENTS 1, 2, 3, 4 belong to company A
    > clients 5, 6, 7 and 8 belong to company B.
    >
    > I'll assign, say, 10.10.1.1 to client 1, 10.10.1.2 to client 2, and so
    > on, basically 10.10.1.0/24 to company A, and 10.10.2.0/24 to company B.
    >
    > All clients will connect to the same VPN server, but this server will
    > automatically assign the right IP address, based on the username. So, in
    > order to keep packets within each customer's network, I do something like:
    >
    > iptables -P FORWARD DROP
    >
    > iptables -A FORWARD -s 10.10.1.0/24 -d 10.10.1.0/24 -j ACCEPT
    > iptables -A FORWARD -s 10.10.2.0/24 -d 10.10.2.0/24 -j ACCEPT
    > iptables -A FORWARD -s 10.10.3.0/24 -d 10.10.3.0/24 -j ACCEPT
    > ...
    >
    >
    > So for every company I add, I need a new rule. Is this the only way to
    > go, or is there an easier way to do this?


    There is, check out ipset.
    http://people.netfilter.org/kadlec/ipset/


    --
    Ignorance is bliss, but knowledge is power!
    hrvoje.spoljar@><.pbf.hr | irc # RoCkY | icq : 53000945 | http://spole.pbf.hr
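    The ipset approach suggested above, worked through as an added example (not code from either poster): a single set of type hash:net,net holds each tenant network paired with itself, so one FORWARD rule accepts a packet only when source and destination are in the same tenant network, and onboarding a new company becomes one `ipset add` instead of a new iptables rule. The set name `tenant_nets`, the helper names and the tenant list are made up here; the script assumes an ipset build that offers the hash:net,net type.

```shell
#!/bin/sh
# Added example: tenant isolation with one iptables rule plus an ipset.
# hash:net,net stores (src-net, dst-net) pairs; pairing each tenant /24
# with itself means "src and dst both inside the same tenant network".
# Set name and tenant networks are constructed for this example.

SET_NAME="tenant_nets"

# Emit an `ipset restore` script for the tenant networks given as arguments.
gen_ipset_restore() {
    printf 'create %s hash:net,net\n' "$SET_NAME"
    for net in "$@"; do
        # one src,dst pair per tenant: the network with itself
        printf 'add %s %s,%s\n' "$SET_NAME" "$net" "$net"
    done
}

# Emit the iptables side: default-drop forwarding, accept only same-tenant pairs.
gen_iptables_rules() {
    printf 'iptables -P FORWARD DROP\n'
    printf 'iptables -A FORWARD -m set --match-set %s src,dst -j ACCEPT\n' "$SET_NAME"
}

# Adding a company later is a single set entry; the FORWARD chain is untouched.
gen_add_tenant() {
    printf 'ipset add %s %s,%s\n' "$SET_NAME" "$1" "$1"
}

# Number of tenant entries in the generated restore script (sanity check).
count_entries() {
    gen_ipset_restore "$@" | grep -c '^add '
}

# Apply for real only as root with ipset present; otherwise print the plan.
# `ipset -exist restore` tolerates re-running when the set already exists.
apply_or_show() {
    if [ "$(id -u)" -eq 0 ] && command -v ipset >/dev/null 2>&1; then
        gen_ipset_restore "$@" | ipset -exist restore
        gen_iptables_rules | sh
    else
        gen_ipset_restore "$@"
        gen_iptables_rules
    fi
}

# Usage: sh tenants.sh 10.10.1.0/24 10.10.2.0/24 10.10.3.0/24
if [ $# -gt 0 ]; then
    apply_or_show "$@"
fi
```

    After applying, `ipset list tenant_nets` shows every tenant pair and `iptables -L FORWARD -v` should show only the single set-match rule with a DROP policy; cross-tenant traffic then hits the policy and can be logged with a trailing LOG rule if needed.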
