Now we should set up the networking on our client box. Let's assume that
we've configured the external network and that it works. Now we will configure
the internal interface of the client to service our intranet.

We first need to bring up the internal network interface. To do this,
add the following to your /etc/rc.d/rc.inet1 (or equivalent) file:

For 2.0 kernels:

    /sbin/ifconfig eth1 192.168.10.253 broadcast 192.168.10.255 netmask 255.255.255.0
    /sbin/route add -net 192.168.10.0 netmask 255.255.255.0 dev eth1

For 2.2 kernels:

    /sbin/ifconfig eth1 192.168.10.253 broadcast 192.168.10.255 netmask 255.255.255.0

To set up the remote office, we will want to set up our filter rules
so that traffic is allowed to go in both directions through the tunnel. Add the
following lines to your /etc/rc.d/rc.inet1 (or equivalent) file:

For 2.0 kernels:

    /sbin/ipfwadm -F -f
    /sbin/ipfwadm -F -p deny
    /sbin/ipfwadm -F -a accept -b -S 192.168.10.0/24 -D 192.168.0.0/16

For 2.2 kernels:

    /sbin/ipchains -F forward
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -j ACCEPT -b -s 192.168.10.0/24 -d 192.168.0.0/16

You may have noticed that these lines look like what we have
on the server. That's because they are the same. These rules
just say where traffic is allowed to go between these
two networks.
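
To see what the forwarding rules above permit, here is a small model of the forward chain. It is an added example, not part of the original HOWTO and not ipchains or ipfwadm code; the function names and the sample addresses are constructed for illustration, and only the two networks and the deny policy come from the rules above.

```python
import ipaddress

# Forward-chain rule set from the section above: one accept rule with -b
# (bidirectional) and a default policy of DENY.
POLICY = "DENY"
RULES = [
    {"src": "192.168.10.0/24", "dst": "192.168.0.0/16",
     "bidirectional": True, "target": "ACCEPT"},
]

def _matches(rule, src, dst):
    s_net = ipaddress.ip_network(rule["src"])
    d_net = ipaddress.ip_network(rule["dst"])
    forward = src in s_net and dst in d_net
    # -b has the same effect as repeating the rule with source and
    # destination swapped.
    reverse = rule["bidirectional"] and src in d_net and dst in s_net
    return forward or reverse

def forward_verdict(src, dst, rules=RULES, policy=POLICY):
    """Return the verdict for a packet crossing the forward chain."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for rule in rules:          # first matching rule wins
        if _matches(rule, src, dst):
            return rule["target"]
    return policy               # nothing matched: the chain policy applies

# Constructed sample packets (addresses are illustrative, not from the page).
SAMPLES = [
    ("192.168.10.20", "192.168.1.5"),   # remote office -> rest of 192.168/16
    ("192.168.1.5", "192.168.10.20"),   # return direction, allowed by -b
    ("192.168.10.20", "198.51.100.7"),  # remote office -> outside address
    ("198.51.100.7", "192.168.10.20"),  # outside address -> remote office
    ("192.168.1.5", "192.168.2.9"),     # neither end in 192.168.10.0/24
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src:>15} -> {dst:<15} {forward_verdict(src, dst)}")
```

Only traffic with one end in 192.168.10.0/24 and the other in 192.168.0.0/16 is forwarded; everything else falls through to the deny policy.
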
The only extra routes that are needed are created by the script
that brings the tunnel up.