 
 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  "Jeroen Geusebroek" <j dot geusebroek at gmail dot com>, "Pieterjan Heyse" <pieterjan dot heyse at scheppers dash wetteren dot be>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  AW: [m0n0wall] FIltering traffic coming from a IPsec tunnel?
 Date:  Fri, 4 Mar 2005 12:10:36 +0100
There were already discussions about traffic shaping through an ipsec-tunnel, which 

can run through the traffic shaper, so there is no way to filter that traffic as it is
already encapsulated and can only be seen as traffic from the one wan-ip to the other
wan-ip on the specific ipsec-ports. As a solution for this problem you could use 2 m0n0s
on both sides, one doing the ipsec and a filtering bridge behind it on the LAN side of 
the first m0n0. Not very nice, as you need 4 m0n0s and have to take care of configuring 
4 m0n0s. Maybe this could be changed in an upcoming version. I would also need this 
functionality.

Regards,
Holger Bauer




From: Pieterjan Heyse [mailto:pieterjan dot heyse at scheppers dash wetteren dot be]

To: Jeroen Geusebroek
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] FIltering traffic coming from a IPsec tunnel?


Jeroen Geusebroek wrote:
<snip>
> I tried using a filter on the WAN side and one on the LAN side, but
> neither seems to work.

Isn't it possible to filter that traffic on your LAN interface? That
way, you do not have encrypted packets and you still have control on
what ip's/ports should be accessible? I find it hard to understand
that the unencrypted traffic that comes out on your LAN interface is
unfirewallable.

Can someone explain to me why I can't filter this kind of traffic?

Thanks,

PJ


 
Scheppersinstituut Wetteren
Cooppallaan 128
9230 Wetteren 
Tel: 09 3692072
Fax: 09 3661348
mailto:pieterjan dot heyse at scheppers dash wetteren dot be
 

