Old 04-21-2005
Mike Mol
 
Re: IPTABLES question, multiple rules


Hernán Freschi wrote:
> Hi, I have a question. I've set up a PPTP server with PoPToP for a VPN
> server. This server will be shared among several customers, each one a
> different company with many connections. So I'll have:
> CLIENTS 1, 2, 3, 4 belong to company A
> clients 5, 6, 7 and 8 belong to company B.
>
> I'll assign, say, 10.10.1.1 to client 1, 10.10.1.2 to client 2, and so
> on, basically 10.10.1.0/24 to company A, and 10.10.2.0/24 to company B.
>
> All clients will connect to the same VPN server, but this server will
> automatically assign the right IP address, based on the username. So, in
> order to keep packets within each customer's network, I do something like:
>
> iptables -P FORWARD DROP
>
> iptables -A FORWARD -s 10.10.1.0/24 -d 10.10.1.0/24 -j ACCEPT
> iptables -A FORWARD -s 10.10.2.0/24 -d 10.10.2.0/24 -j ACCEPT
> iptables -A FORWARD -s 10.10.3.0/24 -d 10.10.3.0/24 -j ACCEPT
> ...
>
> So for every company I add, I need a new rule. Is this the only way to
> go, or is there an easier way to do this?


Add rules for all possible clients, and leave it like that? Just track
which subnets you've assigned to whom.

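As an added illustration of the reply above (not code from either poster), a POSIX shell script that prints the pre-provisioned per-subnet FORWARD rules for 10.10.1.0/24 through 10.10.N.0/24 and emulates the verdict that chain gives a source/destination pair, so the isolation can be checked before anything is loaded. The 254-subnet ceiling, the helper names and the constructed addresses are assumptions; nothing here calls iptables.

```shell
#!/bin/sh
# Constructed example: one FORWARD rule per possible customer subnet
# (10.10.1.0/24 .. 10.10.N.0/24), as the reply suggests, plus an
# emulator for the verdict the resulting chain would reach.
# Assumes the 10.10.<company>.0/24 layout from the question. The
# isolation only holds because the VPN server, not the client, picks
# the address for each username.

MAX_COMPANIES=${MAX_COMPANIES:-254}   # highest third octet ever handed out (assumed)

# Print the complete rule set for subnets 1..$1 (default MAX_COMPANIES),
# starting with the DROP policy so anything unmatched is discarded.
gen_forward_rules() {
    n=${1:-$MAX_COMPANIES}
    echo "iptables -P FORWARD DROP"
    i=1
    while [ "$i" -le "$n" ]; do
        echo "iptables -A FORWARD -s 10.10.$i.0/24 -d 10.10.$i.0/24 -j ACCEPT"
        i=$((i + 1))
    done
}

# Company number (third octet) of a dotted-quad address in 10.10.0.0/16,
# or empty if the address lies outside that range.
company_of() {
    case "$1" in
        10.10.*.*) echo "$1" | cut -d. -f3 ;;
        *)         echo "" ;;
    esac
}

# Emulate the chain for one src/dst pair: ACCEPT only when both addresses
# fall in the same provisioned customer subnet, otherwise the DROP policy.
forward_verdict() {
    s=$(company_of "$1")
    d=$(company_of "$2")
    if [ -n "$s" ] && [ "$s" = "$d" ] \
        && [ "$s" -ge 1 ] && [ "$s" -le "$MAX_COMPANIES" ]; then
        echo ACCEPT
    else
        echo DROP
    fi
}
```

Run `gen_forward_rules 3` to see the three-company rule set from the question, and `forward_verdict 10.10.1.5 10.10.2.3` to confirm cross-company traffic is dropped.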