Re: IPFW/IPsec

From: Dmitry Shupilov (root@ns.tb.by)
Date: 04/16/02


Date: Tue, 16 Apr 2002 10:58:53 +0300
From: Dmitry Shupilov <root@ns.tb.by>
To: Charles Henrich <henrich@sigbus.com>

Hello Charles,

CH> I'm trying to do something trivial here, but I just can't seem to figure out
CH> what's going on. I'm trying to build a gateway that only accepts ESP tunnel
CH> packets. When I enable firewall rules something like:

CH> /sbin/ipfw add allow udp from any to any isakmp via xl0
CH> /sbin/ipfw add allow esp from any to any via xl0
CH> /sbin/ipfw add deny all from any to any via xl0
CH> /sbin/ipfw add allow all from any to any

CH> Communication fails. The thing is, I can't figure out why.

There is a GOLD ipfw rule:

/sbin/ipfw add 65000 deny log ip from any to any [via[xl0][dc0] - as you wish]
                          ^^^
You add this rule and look at your log file.

Dmitry
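
An added example, not part of the original message: once a `deny log` rule like the one above is in place, the logged denials can be tallied by rule number, protocol, direction and interface to see what the ruleset is dropping. The log lines are constructed samples, the function names are hypothetical, and it assumes ipfw logging is enabled (`net.inet.ip.fw.verbose=1`).

```shell
#!/bin/sh
# Added example: summarize ipfw "Deny" log lines produced by a rule with "log".

# Constructed sample input in the ipfw log line format. Addresses are from
# documentation ranges; none of these lines come from the thread.
sample_log() {
cat <<'EOF'
Apr 16 11:02:01 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:1025 198.51.100.5:80 in via xl0
Apr 16 11:02:04 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:1025 198.51.100.5:80 in via xl0
Apr 16 11:02:07 gw /kernel: ipfw: 65000 Deny ICMP:8.0 192.0.2.10 198.51.100.5 in via xl0
Apr 16 11:02:09 gw /kernel: ipfw: 100 Accept UDP 203.0.113.7:500 203.0.113.1:500 in via xl0
Apr 16 11:02:10 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:1026 198.51.100.5:22 in via xl0
EOF
}

# Reads log lines on stdin and prints "count rule proto direction interface",
# most frequent first. Lines that are not ipfw Deny entries are ignored.
summarize_denies() {
    awk '
    {
        # Locate the "ipfw:" token; the fields after it are:
        #   rule action proto src dst direction "via" interface
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i + 2) != "Deny") next
        key = $(i + 1) " " $(i + 3) " " $(i + 6) " " $(i + 8)
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample. On a gateway, feed the real log
# instead, e.g. summarize_denies < /var/log/security (assumed default
# syslog destination on FreeBSD; adjust if yours differs).
sample_log | summarize_denies
```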
