From: Charles Henrich <henrich@sigbus.com>
To: freebsd-security@freebsd.org
Subject: IPFW/IPsec
Date: Mon, 15 Apr 2002 23:11:46 -0700
Message-ID: <20020415231146.A21593@sigbus.com>
X-Operating-System: FreeBSD 4.2-RELEASE

I'm trying to do something trivial here, but I just can't seem to figure out
what's going on. I'm trying to build a gateway that only accepts ESP tunnel
packets. When I enable firewall rules something like:

    # IKE key exchange (UDP port 500) on the external interface
    /sbin/ipfw add allow udp from any to any isakmp via xl0
    # the ESP tunnel traffic itself
    /sbin/ipfw add allow esp from any to any via xl0
    # everything else seen on the external interface
    /sbin/ipfw add deny all from any to any via xl0
    # all other interfaces (dc0, gif0) unrestricted
    /sbin/ipfw add allow all from any to any

communications fails. The thing is, I can't figure out why. I have xl0
Internet-addressed, and dc0 internal-network addressed, with a gif0 tunnel set
up for the IPsec tunneling.

Suggestions? Thanks!

-Crh

Charles Henrich henrich@msu.edu http://www.sigbus.com:81/~henrich
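As an added illustration, not part of the post above: a small Python first-match simulator for the four rules Charles lists, run over constructed packets. It shows which traffic the ruleset admits on xl0 (only ISAKMP and ESP) and that anything else arriving on xl0, including an unprotected IP-in-IP packet of the kind a gif tunnel produces, falls through to the deny rule; the packet and rule fields are a simplified model, not ipfw's real matcher.

```python
"""First-match evaluation of the posted ipfw ruleset (constructed model)."""
from dataclasses import dataclass
from typing import Optional, List, Tuple

ISAKMP_PORT = 500  # ipfw's "isakmp" service name resolves to UDP port 500


@dataclass
class Packet:
    proto: str                 # "esp", "udp", "tcp", "ipencap" (IP-in-IP), ...
    iface: str                 # interface the packet is seen on: xl0, dc0, gif0
    dport: Optional[int] = None


@dataclass
class Rule:
    action: str
    proto: str                 # "all" matches any protocol
    via: Optional[str]         # None means no "via" clause: any interface
    dport: Optional[int] = None


# The four rules as posted, in order (rule numbers here are 1..4 for
# readability; a real "ipfw add" would assign 100, 200, ... by default).
RULES: List[Rule] = [
    Rule("allow", "udp", "xl0", ISAKMP_PORT),
    Rule("allow", "esp", "xl0"),
    Rule("deny", "all", "xl0"),
    Rule("allow", "all", None),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every field a rule specifies must agree with the packet."""
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if rule.via is not None and rule.via != pkt.iface:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[int, str]:
    """Return (rule number, action) of the first matching rule.
    With nothing matched, ipfw's default rule 65535 denies."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return number, rule.action
    return 65535, "deny"


# Constructed trace of what the gateway might see on each interface.
TRACE = {
    "ike on xl0": Packet("udp", "xl0", ISAKMP_PORT),
    "esp on xl0": Packet("esp", "xl0"),
    "plain ipip on xl0": Packet("ipencap", "xl0"),
    "tcp on dc0": Packet("tcp", "dc0", 22),
    "tcp on gif0": Packet("tcp", "gif0", 22),
}

if __name__ == "__main__":
    for name, pkt in TRACE.items():
        print(f"{name:20s} -> rule {evaluate(pkt)[0]}: {evaluate(pkt)[1]}")
```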