Linux Netfilter discussions
From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: netfilter@lists.netfilter.org
Subject: Re: Netfilter and IPSec interaction
Date: Fri, 15 Jul 2005 09:55:12 -0500
Message-ID: <42D7CE50.1000904@riverviewtech.net>
In-Reply-To: <20050714122109.bl71ded9gkkoc0c4@www.milivojevic.org>

Aleksandar Milivojevic wrote:
> I'm writing a set of firewall rules for IPSec based VPN, and have a couple of
> questions.
> 
> I know that packets are supposed to go through Netfilter tables twice (as
> received from the wire, and then as outputted by IPSec module).  However, what I
> noticed is that this seems to be true only for incoming packets.  The outgoing
> packets seem to go through Netfilter tables only once.

What kernel are you running, and have you applied the (4) Patch-o-Matic (NG) IPSec patches that are meant to address this very issue?  Word to the wise: I've had problems applying said patches, such that I had to edit the info file inside of the <pom root>/patchlets/ipsec-0<number>-<rest of patch name>/ directory and remove the dependencies on other patches.  I've found that patch 01 would not apply because it was looking for a different patch that does not exist, as it has already been applied to the 2.6.10 and 2.6.12.2 (other unknown) kernel.  Once patch 01 has been applied, 02 and 03 should go OK, but 04 does not see that 03 has been applied.  If you remove the dependency (or require word (whatever)) on patch 03, then patch 04 will (test and) apply cleanly to a kernel with patches 01, 02, and 03 already in place.

Has anyone else experienced such problems with applying the IPSec-0x patches?



Grant. . . .

