
Re: ipsec and transparent bridge firewall



* Andreas Schuldei (andreas@schuldei.org) [010403 15:44]:
> What is needed to let isakmpd and ipsec through a transparent
> bridging firewall?
> 
> What do I miss:
>  
> pass in quick on ep2 proto encap all
> pass in quick on ep2 proto tcp/udp all keep state
> pass in quick on ep2 proto icmp all keep state
> block in quick on ep2
>  
>  
> pass in quick on ep3 proto encap from any to 195.198.203.112/29
> pass in quick on ep3 proto tcp from any to 195.198.203.112/29 port = 22 flags S keep state
> pass in quick on ep3 proto tcp from any to 195.198.203.112/29 port = 500 flags S keep state
> block in quick on ep3

Actually, ep2 and ep3 are the interfaces connected by the bridge.
ep1 is for remote logging.