Iptables and ipsec
Richard Guy Briggs
rgb@conscoop.ottawa.on.ca
Fri, 28 Jul 2000 10:34:02 -0400
Why did you quote the previous message? It appears to be
irrelevant...
On Fri, Jul 28, 2000 at 09:53:00AM -0400, Ury Tkachenko wrote:
> Does iptables 1.1.1 support IPSEC forwarding.
Yes. iptables supports the filtering of any IP protocol without
prejudice. In fact, this has been the case since the beginning of
ipchains. ipfwadm had a 2-bit IP protocol selector, which was grossly
insufficient, but ipchains and now netfilter have 8-bit IP protocol
selectors which means it can easily do so.
> The following is required for IPSEC to function:
> 1) IP Protocol 50 (ESP) and 51 (AH)
> 2) UDP Port 500 (ISAKMP)
>
> If it does support IPSEC forwarding, what would be the iptables rules that I
> need to write and do I have to turn anything special in the kernel for IPSEC
> to work.
I'll leave this to the experts since I am still running ipfwadm
(although this should change in the next month or so...) This should
all be fairly easy to figure out from their fine documentation.
> Ury
slainte mhath, RGB
--
Richard Guy Briggs -- PGP key available Auto-Free Ottawa! Canada
<www.conscoop.ottawa.on.ca/rgb/> <www.flora.org/afo/>
Prevent Internet Wiretapping! -- FreeS/WAN:<www.freeswan.org>
Thanks for voting Green! -- <green.ca> Marillion:<www.marillion.co.uk>
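
Added example (not part of the original message, and not rules from the poster or the netfilter project): a shell script that generates FORWARD-chain rules for the three items listed in the question, ESP (IP protocol 50), AH (51) and UDP port 500, between two IPsec gateways on either side of the firewall. The gateway addresses, the function names and the APPLY variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Gateway addresses are constructed (RFC 5737 documentation
# ranges); replace them with the real IPsec endpoints.
#
# A forwarding box also needs routing enabled in the kernel
# (sysctl net.ipv4.ip_forward=1); that is general Linux routing, not
# something specific to IPsec.

# Print the rules that let IPsec between two gateways through the FORWARD
# chain, one iptables command per line. $1 and $2 are the gateway addresses.
ipsec_forward_rules() {
    a=$1 b=$2
    for pair in "$a $b" "$b $a"; do
        # Split "src dst" into $1 and $2 for this direction.
        set -- $pair
        # ISAKMP key exchange: UDP port 500
        echo "iptables -A FORWARD -s $1 -d $2 -p udp --dport 500 -j ACCEPT"
        # ESP = IP protocol 50, AH = IP protocol 51. Numeric values are used
        # so the rules do not depend on /etc/protocols.
        echo "iptables -A FORWARD -s $1 -d $2 -p 50 -j ACCEPT"
        echo "iptables -A FORWARD -s $1 -d $2 -p 51 -j ACCEPT"
    done
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to execute them.
apply_rules() {
    ipsec_forward_rules "$1" "$2" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            $rule
        else
            echo "$rule"
        fi
    done
}

apply_rules 192.0.2.10 198.51.100.20
```

Pinning source and destination to the two gateways keeps the rules from opening protocols 50 and 51 to every host behind the firewall.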