[Openswan Users] Tunnels come up, but not all traffic goes through
Matt Harrell
matt at mattharrell.net
Wed Jun 9 15:15:47 CEST 2004
I'm not quite sure how adding specific rules to pass traffic to and from
subnets in a tunnel is a security hole. They're all non-routable subnets.
Anyway, this e-mail doesn't tell me much. What exactly does this mean?
Does it mean that the IPsec traffic in 2.6 kernels ignores the iptables
firewalling altogether? Or does it mean that this simply won't work as
long as I'm using iptables?
If there's some online resource that covers this, please point me to
it--I've been trying to find such a resource for two weeks.
There clearly seems to be some kind of firewalling or routing issue
going on here, but I'm not finding what it is.
Michael Richardson wrote:
>>>>>> "Matt" == Matt Harrell <matt at mattharrell.net> writes:
> Matt> I should have mentioned that. I did change all references to
> Matt> ipsec0 to eth1 (external NIC) in my iptables rules. Is that
> Matt> all there is to it?
>
> No. You have likely caused yourself a security hole.
>
> You can not firewall IPsec things with 2.6 kernels, without patches.
>
>- --
>] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
>] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
>] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
>] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
--
Matt Harrell
matt at mattharrell.net
http://www.mattharrell.net
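The point behind Michael's warning is that a 2.6 kernel has no ipsec0 interface: packets that were decapsulated from an ESP tunnel re-enter the stack on the same physical interface (eth1 here) as ordinary cleartext packets. A rule that simply accepts "-i eth1 -s <remote subnet>" therefore also accepts a cleartext packet from the Internet whose source address merely claims to be in the remote subnet, and the mirror rule lets traffic for the remote subnet leave in cleartext whenever the tunnel is down. The script below is an added example, not part of this thread or of Openswan: it shows the weak ruleset beside a hardened one that uses the netfilter "policy" match (a separate patch in 2004, mainlined in later 2.6 kernels; assumed available), plus an audit function that flags tunnel rules on the external interface that do not require an IPsec policy. The subnets are constructed sample values; eth1 is the interface named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the netfilter "policy"
# match (-m policy) is available in the running kernel and iptables.

EXT_IF=eth1                 # external NIC, as in the thread
LOCAL_NET=192.168.1.0/24    # constructed sample: local tunnel subnet
REMOTE_NET=10.0.0.0/24      # constructed sample: remote tunnel subnet

# Weak form: what you get by replacing ipsec0 with eth1 in 2.4-style rules.
# Any cleartext packet arriving on eth1 with a spoofed source in REMOTE_NET
# matches the first rule; the second leaks cleartext if the tunnel is down.
weak_rules() {
    cat <<EOF
-A FORWARD -i $EXT_IF -s $REMOTE_NET -d $LOCAL_NET -j ACCEPT
-A FORWARD -o $EXT_IF -s $LOCAL_NET -d $REMOTE_NET -j ACCEPT
EOF
}

# Hardened form: the outer ESP and IKE traffic is admitted in INPUT, while
# the tunnel subnets are only allowed through FORWARD when the packet was
# actually decapsulated from (or will be encapsulated into) an IPsec SA.
# Anything else claiming a tunnel source on the external NIC is dropped.
hardened_rules() {
    cat <<EOF
-A INPUT -i $EXT_IF -p esp -j ACCEPT
-A INPUT -i $EXT_IF -p udp --dport 500 -j ACCEPT
-A FORWARD -i $EXT_IF -m policy --dir in --pol ipsec --proto esp -s $REMOTE_NET -d $LOCAL_NET -j ACCEPT
-A FORWARD -o $EXT_IF -m policy --dir out --pol ipsec --proto esp -s $LOCAL_NET -d $REMOTE_NET -j ACCEPT
-A FORWARD -i $EXT_IF -s $REMOTE_NET -j DROP
-A FORWARD -o $EXT_IF -d $REMOTE_NET -j DROP
EOF
}

# Audit: read iptables-save style rules on stdin and print every ACCEPT
# rule that trusts a tunnel subnet on the external interface without an
# IPsec policy requirement. Prints nothing when the ruleset is clean.
# Run against a live box with:  iptables-save | audit_rules
audit_rules() {
    grep -E -- "-[io] $EXT_IF" \
    | grep -E -- "-(s|d) ($REMOTE_NET|$LOCAL_NET)" \
    | grep -E -- "-j ACCEPT" \
    | grep -v -- "-m policy"
}

# Count of flagged rules, so the result is easy to check in a script.
audit_count() {
    audit_rules | wc -l | tr -d ' '
}

# Stand-alone run: show both rulesets and what the audit says about each.
echo "== weak rules flagged by audit =="
weak_rules | audit_rules
echo "== hardened rules flagged by audit =="
hardened_rules | audit_rules
```

To load the hardened set, wrap it in an iptables-restore table block (`*filter` ... `COMMIT`) or pass each line to `iptables` directly; the audit function takes an existing `iptables-save` dump on stdin.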