Re[3]: ipsec packet filtering

From: Bjoern A. Zeeb (bzeeb-lists_at_lists.zabbadoz.net)
Date: 07/30/04

    Date: Fri, 30 Jul 2004 08:12:52 +0000 (UTC)
    To: "Nickolay A. Kritsky" <nkritsky@star-sw.com>
    
    

    On Fri, 30 Jul 2004, Nickolay A. Kritsky wrote:

    Hi,

    > I think I have got your point here, but filtering esp in tunnel mode
    > is of no use in many scenarios since higher protocol information (like
    > ports for TCP/UDP) is hidden in encrypted payload.

    At first it helps you to accept (only) encrypted traffic from
    your peers.

    > Correct me if I am wrong but diverting incoming packets won't help.
    > Libalias will just pass them unNATed. Or has it been changed since
    > 4.9? Let's see.
    ...
    > see? if the incoming packet is not in table, _and_ natd is not running
    > in proxy_only mode (which is not acceptable here) the packet flows by
    > without any change. And that's what the `man natd' says.

    Please type

    man natd
    /reverse
    n

    This should be available in 4.9 too.

    > BAZ> The ruleset gets quite tricky then but it works here (HEAD from about
    > BAZ> 82 days ago according to uptime ;-)
    >
    > ? Do you mean you have the same scenario? And diverting on inside
    > interface works for you?

    Yes, of course, and a lot more on my three inside and two outside
    interfaces.

    -- 
    Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT