 From:  Rick Preston <rickjpreston at gmail dot com>
 To:  Bill Hamel <billh at bugs dot hamel dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IpSec Tunnel Sanity check please
 Date:  Sat, 20 Nov 2004 13:22:46 -0500
Hi again eh,

> Curious, do you have inbound rules also

Not for the router to router tunnels but only because I control both
ends.  If I didn't control one end then I would.  Under the interface
the tunnel is connected to, block the ports you don't want coming
through and under source select network and type in the subnet of the
remote network.  I haven't played with roaming users yet so I'm not
sure there.

> and can you ?

Assuming you mean for the tunnel itself, allowing ESP etc., I think
that is done when configuring the tunnel in m0n0wall.  The only time
you would open something for ESP etc. is when you were passing the
tunnel through m0n0wall instead of using its server.

have fun,