NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > SuSE Linux> 2002-q3

From: Stefan Nowak (stefan.nowakberlin.de)
Date: Thu Jul 04 2002 - 03:26:55 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> When I use FW_MASQ_DEV="ipsec0" on left GW i get the following on the right
> GW:
> -----------
> Jul 3 19:38:48 xpfwl kernel: SuSE-FW-DROP-DEFAULT IN=ipsec0 OUT=eth1
> SRC=194.194.194.200 DST=192.168.1.10 LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF
> PROTO=ICMP TYPE=8 CODE=0 ID=55823 SEQ=256
> ------------

Looks like that: the paket is routed from eth0 to ipsec0 and is
correctly masqueraded. Now the IPSec Tunnel tries to route the paket
from ipsec0 to eth1 (now encrypted) - and thats not allowed. What about
your communication between eth1 and ipsec0 ?

Stefan

-- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]