From: Devaraj Das <ddas@india.hp.com>
To: Thomas Lussnig <lussnig@smcc.net>, lpowers@mis.net
Cc: netfilter@lists.netfilter.org
Subject: Re: kernel 2.6 IPsec and netfilter
Date: Mon, 29 Mar 2004 20:43:25 +0530
Message-ID: <40683D15.B6220B5F@india.hp.com>
In-Reply-To: 4068179D.1030509@smcc.net
Thanks for your responses Thomas & Lane. I forgot to mention that I am using
racoon as the IKE daemon. If I enable ipsec tunnelling between two linux-2.6
machines, things work fine. I am able to restrict access to ports, etc.
I also have windows (2K) machines that can be connected as a client to the
linux-2.6 machine. The problem that I am facing now is that the windows
machine's native ipsec implementation does not work if the "tunnel mode" is
enabled. So now I am looking for a solution that does not require enabling
tunnelling.
Thanks for your help.
Devaraj.
Thomas Lussnig wrote:
> Devaraj Das wrote:
>
> >Hi,
> >I wanted to know whether there is a working solution for the issue that
> >was discussed some time back:
> >http://www.spinics.net/lists/netfilter/msg22099.html
> >In short, is there any solution to enable blocking selective ports on a
> >machine running Linux 2.6.0 + in-kernel ipsec?
> >It would be very helpful if I could get a working solution or some
> >information on a possible solution.
> >Thanks,
> >Devaraj.
> >
> >
> Hi,
> if you look at ipsec in Linux-2.6.0 you will have noticed that you define
> SRC-IP/SRC-PORT -- DST-IP/DST-PORT. This means your question implies the
> following setup:
>
> 1. You allow any port combination to go via the ipsec tunnel
> 2. You have ports that should not go via the ipsec tunnel which you allow
> via ipsec
> 3. Now these ports should be filtered on the iptables layer
> - possible at prerouting/mangle
> + define the correct ipsec config
>
> Regards, Thomas Lußnig
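The setup Thomas sketches, carried into the transport-mode case Devaraj needs, as an added example that is not part of the thread: the SPD lets any port combination through ESP/transport (setkey syntax, racoon negotiating the SAs), and the per-port restriction lives in iptables. The addresses 192.0.2.1/192.0.2.2 and the allowed ports are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Transport-mode IPsec between a
# Linux 2.6 host and one peer, with port filtering done in iptables.
# LOCAL/PEER are constructed placeholder addresses.
LOCAL=192.0.2.1     # this linux-2.6 host
PEER=192.0.2.2      # IPsec peer (another 2.6 box or a Windows 2K client)

# SPD entries: every port combination must travel inside ESP/transport.
# "require" makes the kernel policy check discard cleartext from PEER
# that should have been protected, so plaintext that reaches the socket
# layer is known to have arrived inside ESP.
spd_transport_require() {
    printf 'spdflush;\n'
    printf 'spdadd %s %s any -P out ipsec esp/transport//require;\n' "$1" "$2"
    printf 'spdadd %s %s any -P in ipsec esp/transport//require;\n' "$2" "$1"
}

# INPUT-chain rules. After decryption the inner packet is reinjected and
# traverses netfilter again as plain TCP/UDP, so the port filter applies
# to it. iptables alone cannot tell a decrypted packet from one that came
# in the clear; the SPD "require" level above is what closes that gap.
filter_rules() {
    peer=$1; shift
    printf 'iptables -A INPUT -p udp -s %s --dport 500 -j ACCEPT\n' "$peer"  # IKE (racoon)
    printf 'iptables -A INPUT -p esp -s %s -j ACCEPT\n' "$peer"
    for port in "$@"; do
        printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$peer" "$port"
    done
    printf 'iptables -A INPUT -s %s -j DROP\n' "$peer"
}

# Apply both (needs root); called explicitly, not when the file is sourced.
apply_config() {
    spd_transport_require "$LOCAL" "$PEER" | setkey -c
    filter_rules "$PEER" 22 80 | sh
}
```

Run `apply_config` on the Linux host after racoon is configured for PEER; the Windows peer only needs a matching transport-mode rule for the same address pair.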