Date: Mon, 3 Mar 2003 09:38:46 +0200
From: "Barry Irwin" <bvi@itouchlabs.com>
To: "Alwyn Goodloe" <agoodloe@saul.cis.upenn.edu>, <freebsd-security@FreeBSD.ORG>
Subject: Re: IPSEC port filtering
Message-ID: <005501c2e157$ec8e7a80$4508a8c0@Beastie>
References: <Pine.GSO.4.44.0303011624500.771-100000@saul.cis.upenn.edu>

Somewhat related, I noticed this when trying to crypt only certain TCP ports,
and also when trying to exclude certain ports from being encrypted. Had the
problem on 4.3, 4.4 and 4.5. Unfortunately haven't had an opportunity to follow
this up in detail on a later release. When I looked round at the time, I could
not find any specific reference to the problem.

Barry

--
Barry Irwin bvi@itouchlabs.com Tel: +27214875178
Systems Administrator: Networks And Security
iTouch TAS http://www.itouchlabs.com Mobile: +27824457210

----- Original Message -----
From: "Alwyn Goodloe" <agoodloe@saul.cis.upenn.edu>
To: <freebsd-security@FreeBSD.ORG>
Sent: Saturday, March 01, 2003 11:32 PM
Subject: IPSEC port filtering

> In performing the setup for an experiment I have the following command:
>
> setkey -c <<EOF
>
> spdadd 192.168.4.2/32[any] 192.168.3.2/32[3322] udp -P out ipsec
> esp/tunnel/192.168.5.1-192.168.7.2/require
> esp/tunnel/192.168.5.1-192.168.5.2/require
>
>
> Unfortunately, it doesn't seem to be filtering out the UDP packets heading
> to that port. They just pass over the wire in the clear. Using tcpdump
> I can watch them heading for 192.168.3.2.3322.
> If I remove the port ([3322]) the packets are put in the tunnel. Is there
> something wrong with the port filtering here?
>
> Alwyn Goodloe
> agoodloe@gradient.cis.upenn.edu
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message