- 01-02-2009 #1 Just Joined! (Join Date: Jan 2009, Posts: 1)
iptables and vpnc
I'm running VPNC on my wrt54g with DD-WRT vpn firmware. I'm using this script.
When I telnet in and start VPNC everything runs smooth. I'm not having trouble connecting.
Now on the page where the script is, it recommends that I add these rules to iptables:
Code:
iptables -A FORWARD -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
Now I can access the VPN from every client on my network! That's great, but I don't want every client on my internal network broadcasting over the VPN. I want to restrict access to the VPN to only two IPs.
I'm a newb when it comes to iptables. I've been reading docs on it all day, and I still can't figure out the necessary rules to accomplish my aim.
If anyone can shed some light on this, I'd appreciate it.
- 01-03-2009 #2
You want to use the source and destination for this.
For example, let's say 192.168.1.21 is one of the IP addresses you want to access the VPN:
Code:
iptables -A FORWARD -o tun0 -s 192.168.1.21 -j ACCEPT
iptables -A FORWARD -i tun0 -d 192.168.1.21 -j ACCEPT
This says to forward out tun0 if the packet is from 192.168.1.21, and forward in if the packet is going to 192.168.1.21.
There are many ways you can write your rules. Take a look at this TUTORIAL that explains all the iptables switches.


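The restriction discussed in this thread, as an added example (not code from either poster or from the VPNC script): a shell function that prints an allow-list rule set so it can be reviewed before it is applied. It goes beyond the reply by accepting only reply traffic inbound, limiting MASQUERADE to the allowed sources, and dropping all other tunnel traffic; `tun0` and 192.168.1.21 come from the thread, 192.168.1.22 is a constructed second address, and the `state` match being available in the router's iptables build is an assumption.

```shell
#!/bin/sh
# Added example: print (do not run) iptables rules limiting VPN forwarding to an allow-list.
# tun0 is the tunnel interface named in the thread; the helper names are hypothetical.
TUN_IF="tun0"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the allowed client IPs given as arguments.
vpn_rules() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        # The allowed client may open connections out through the tunnel...
        echo "iptables -A FORWARD -o $TUN_IF -s $ip -j ACCEPT"
        # ...and only replies to those connections are forwarded back in.
        echo "iptables -A FORWARD -i $TUN_IF -d $ip -m state --state ESTABLISHED,RELATED -j ACCEPT"
        # NAT only the allowed client's traffic onto the tunnel address.
        echo "iptables -t nat -A POSTROUTING -o $TUN_IF -s $ip -j MASQUERADE"
    done
    # Anything else crossing the tunnel is dropped, so no other LAN host uses the VPN.
    echo "iptables -A FORWARD -o $TUN_IF -j DROP"
    echo "iptables -A FORWARD -i $TUN_IF -j DROP"
}

# Constructed sample input: the thread's example address plus a second, made-up client.
vpn_rules 192.168.1.21 192.168.1.22
```

The per-IP rules only restrict anything if the blanket `-o tun0` / `-i tun0` ACCEPT rules and the unrestricted MASQUERADE rule from the first post are not also loaded, because iptables acts on the first rule that matches.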
