| To: | Andreas Jellinghaus <aj@xxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: ipsec without interface |
| From: | bert hubert <ahu@xxxxxxx> |
| Date: | Tue, 1 Jul 2003 14:58:08 +0200 |
| Cc: | "netdev@xxxxxxxxxxx" <netdev@xxxxxxxxxxx> |
| In-reply-to: | <1054235787.605.21.camel@simulacron> |
| Mail-followup-to: | bert hubert <ahu@xxxxxxx>, Andreas Jellinghaus <aj@xxxxxxxxxxxxxxx>, "netdev@xxxxxxxxxxx" <netdev@xxxxxxxxxxx> |
| References: | <1054235787.605.21.camel@simulacron> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.3.28i |

On Thu, May 29, 2003 at 09:16:27PM +0200, Andreas Jellinghaus wrote:

> sure, the simple configurations work fine with kernel 2.5.* ipsec.
> But I miss the interface and things I did with it. How are these
> setups supposed to work without an interface?
>
> a) in iptables allow everything coming from ipsec0,
> allow only ssh and ipsec on eth0.

iptables can filter on ESP/AH presence.

> b) source address selection. put the default route on ipsec0,

Do you need a separate source address?

--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO