[Openswan Users] Tunnels come up, but not all traffic goes through
Nate Carlson
natecars at natecarlson.com
Thu Jun 10 10:57:18 CEST 2004
On Thu, 10 Jun 2004, Jacco de Leeuw wrote:
> I don't know if you can use this but Chris Andrews wrote that he uses
> fwmark.
>
> Marks applied to encrypted packets remain set on the unencrypted packets,
> and we can use this to determine which packets arrived via the IPSec SA. The
> 'mark' is internal to the kernel, and can't be set on packets outside of the
> system, so it's safe to use this match.
>
> iptables -t mangle -A PREROUTING -i eth0 -p esp -j MARK --set-mark 1
> iptables -A INPUT -i eth0 -m mark --mark 1 -j ACCEPT
>
> http://www.funknet.org/doc/tunnel/l2tp.html
Hmm, yeah, that makes sense - I'll have to give that a shot. Thanks!
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------