Date:      Tue, 5 Mar 2002 10:40:12 +0100
From:      "Dennis Pedersen" <mlists@daydreamer.dk>
To:        "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: ESP + IPFW
Message-ID:  <002301c1c42a$298a13f0$0301a8c0@dpws>
References:  <20020305021845.510AE37B41C@hub.freebsd.org> <20020304212850.M87533@blossom.cjclark.org>

----- Original Message -----
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
Sent: Tuesday, March 05, 2002 6:28 AM
Subject: Re: ESP + IPFW

> > Now, everything works fine.  But I would like to be able to firewall the
> > packets *after* they are translated by IPSec (ESP)  with IPFW?  How would I
> > do that?  They seem to only pass into IPFW once, not twice..  Can you run IPF
> > with IPFW to do it, and in that case which firewalling system gets matched
> > first?
>
> Yep. They go through ipfw(8) once. If you run ipf(8), they go through
> ipf(8) then ipfw(8)... once.

I'm currently running natd, racoon (with gif) and ipfw on the same box. I
can't seem to figure out what process the packets go through right before ipfw
(as in: I don't know what IP number I have to allow the packets from - is it
the peer gif IP, peer WAN IP, peer LAN, gif?)
Anyone got a hint?

Regards,
Dennis

