Date: Thu, 18 Apr 2002 13:03:17 -0600 (MDT) From: Fred Clift <fclift@verio.net> To: <freebsd-questions@freebsd.org> Subject: IPSec + IPF Message-ID: <20020418123358.O727-100000@vespa.dmz.orem.verio.net>
next in thread | raw e-mail | index | archive | help
Hi Are there any wierd interactions between IPF and IPSec? I'd like to have a nat/firewall that on the less-secure interface also requires ESP/Transport processing for incomming packets. At risk of encouraging wardrivers in my neighborhood, I'll explain a bit more about what I'm doing. I'm setting up a freebsd router with a wireless card and I'd like to drop all traffic comming in the wireless interface that is comming from anthing that doesn't have the same enctyption keys... I guess I'd be happy to start out using manual key setting via setkey and worry about IKE later. For packets with the right encryption key, I would then send them through IPF to be further firewall/nat'ed before being passed into my internal network. I have the system set up without IPSec now, relying on WEP (yeah right) and ssh-tunnels that I make on the fly to do anything I am more concerned about. I have the routing and NAT (and wep) set up and working now and I've just started reading the IPSec stuff and have kernel's rebuilding etc. Will ipf and ipsec interoperate properly? do I have to load them in the right order? How do I tell one to pass packets to the other? Thanks for any help :) Fred -- Fred Clift - fclift@verio.net -- Remember: If brute force doesn't work, you're just not using enough. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020418123358.O727-100000>