From: "Reto Trachsel (NetModule)"
To: freebsd-net@FreeBSD.ORG
Subject: RE: Filtering packets received through an ipsec tunnel
Date: Mon, 14 Jan 2002 13:09:22 +0100

Hello

IPSec Tunnel security is working like this:

You have to permit traffic to the Tunnel; this you can do with Access-Lists on a Firewall (ie ipfw).

In the Tunnel, only permitted traffic will be transmitted, so you don't have to filter packets coming from the IPSec Tunnel.

It's not interesting to transmit all the traffic and filter the traffic on the tunnel-end, because all traffic submitted by the tunnel needs bandwidth on the WAN interface.

But if you will do this, you can define special Access-lists with ipfw where you deny or permit special kinds of traffic from the Network on the other side of the tunnel.

Regards
Reto Trachsel

Your Partner for Internet & Networking Technologies!
____________________________________________________
NetModule AG
Meriedweg 7 / CH-3172 Niederwangen
Phone: +41 31 985 25 10 / Fax: +41 31 985 25 11
www.netmodule.com

NetModule AG, Java Competence Center
Zuercherstrasse 12 / Postfach / CH-8401 Winterthur
Phone: +41 52 209 00 44 / Fax: +41 52 209 00 40
____________________________________________________