search for: myextnetwork

...6 native ipsec don't create ipsec* interface (if I am not wrong this is something backported on kernel 2.4 RHEL3) just add a route to remote network through eth0, so if I want to ssh the vpn server on his internal ip from the other side of the vpn I need $IPTABLES -A INPUT -i *$EXTIF* -s $MYEXTNETWORK -d $INTIP -p tcp -m tcp --dport 22 -j ACCEPT and this is true for any other rule I would use ipsec0 in, I have to use $EXTIF. Even if I am going to set sshd to listen on a different port, I am a little worried this could harm my machine in any way. Comments are welcome Have a nice day Simone