Date: Fri, 4 May 2001 16:21:10 -0700 (PDT)
From: "Flemming Frøkjær" <flemming@froekjaer.org>
To: questions@freebsd.org
Subject: ipsec/ipfw combination insecure?
Message-ID: <3174.63.105.19.225.989018470.squirrel@sleipner.eiffel.dk>

When using ipsec to set up a VPN, address translation is taking place before ipfw gets the packets. This means that ipfw sees the packets from the remote RFC1918 network as coming from the external network interface, and thus one is forced to bore a gaping hole for incoming traffic in that IP range for the VPN to work.

As far as I know, hackers can easily spoof their IP, so it will look like their packets are coming from that very same IP range.

Am I too paranoid here, or is there really a security problem with this? If there is, what can be done about it? If there isn't, why not?

Thanks...

\Flemming