* freeswan and netfilter.
@ 2003-07-11  6:44 sathvanth subramaniam
  2003-07-12 20:32 ` Frank Smith
  0 siblings, 1 reply; 2+ messages in thread
From: sathvanth subramaniam @ 2003-07-11  6:44 UTC
  To: netfilter

Hi all,
 Has anyone tried the freeswan + netfilter combination and made it work? I am
working on it and want to know if it's possible.
 Any help or directions are appreciated.

Regards,
sathvanth



* Re: freeswan and netfilter.
From: Frank Smith @ 2003-07-12 20:32 UTC
  To: sathvanth subramaniam, netfilter

Yes, they work together.  First, get freeswan working.  Then
when you add netfilter rules start with a default ACCEPT policy
and add a LOG entry at the end of each chain.  This will help
you understand the packet flow so you can learn whether you need
to apply a rule to an eth interface or to one of freeswan's
ipsec interfaces to accept/deny a particular packet.
   You'll probably want to change the default policy to DENY at
some point once you have enough rules in place to not lock
yourself out of the box.
   If you are also NATing your connections on the same box then
you also have to keep track of whether the rules need to apply
to the real or NATed addresses.  The log rule at the end of each
chain will help you see which one you need.
   
Good luck,
Frank

--On Friday, July 11, 2003 12:14:23 +0530 sathvanth subramaniam <sathvanth.subramaniam@ctp.ilabsgroup.com> wrote:

> Hi all,
>  Has anyone tried the freeswan + netfilter combination and made it work? I am
> working on it and want to know if it's possible.
>  Any help or directions are appreciated.
> 
> Regards,
> sathvanth
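
The logging approach described in the reply above, as an added example that is not part of the original thread: one function prints the iptables commands for a default ACCEPT policy with a LOG rule at the end of each filter chain, and another tallies the resulting kernel log lines by chain, interface and address. The "END-<CHAIN>: " log prefix, the interface names (eth0, eth1, ipsec0), the addresses and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example. Prints (does not run) the debugging rules: default ACCEPT
# policy plus a LOG rule appended to the end of each filter chain.
# Assumption: the "END-<CHAIN>: " log prefix is a name chosen for this example.
emit_debug_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        echo "iptables -P $chain ACCEPT"
        # -A appends, so LOG only records packets no earlier rule decided.
        echo "iptables -A $chain -j LOG --log-prefix \"END-$chain: \""
    done
}

# Reads kernel log lines on stdin and counts them per chain, interface pair
# and address pair, so eth vs ipsec and real vs NATed addresses are visible.
summarize_chain_log() {
    awk '
    {
        chain = ""; in_if = "-"; out_if = "-"; src = "?"; dst = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^END-[A-Z]+:$/) chain = substr($i, 5, length($i) - 5)
            else if ($i ~ /^IN=./)    in_if = substr($i, 4)
            else if ($i ~ /^OUT=./)   out_if = substr($i, 5)
            else if ($i ~ /^SRC=/)    src = substr($i, 5)
            else if ($i ~ /^DST=/)    dst = substr($i, 5)
        }
        # Lines without the prefix are unrelated kernel messages; skip them.
        if (chain != "")
            count[chain " in=" in_if " out=" out_if " " src "->" dst]++
    }
    END { for (k in count) print count[k], k }' | sort -k2
}

# Constructed sample (not captured traffic): ESP arriving on eth0, then the
# decrypted packets showing up on ipsec0 with the tunnel inner addresses.
sample_log() {
    cat <<'EOF'
Jul 12 20:30:01 gw kernel: END-INPUT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 PROTO=ESP
Jul 12 20:30:01 gw kernel: END-FORWARD: IN=ipsec0 OUT=eth1 SRC=10.2.0.5 DST=10.1.0.9 PROTO=ICMP
Jul 12 20:30:01 gw kernel: eth0: link up
Jul 12 20:30:02 gw kernel: END-FORWARD: IN=ipsec0 OUT=eth1 SRC=10.2.0.5 DST=10.1.0.9 PROTO=ICMP
EOF
}

emit_debug_rules
sample_log | summarize_chain_log
```

Each summary line reads as "count chain in=<iface> out=<iface> src->dst"; the interface and addresses shown for a packet are the ones a rule for that packet would have to match.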





