Hi all

Ok, at this time I would handle this problem like this:

Connect the two sides with an IPsec tunnel and write an access list with
ipfw that allows only the specified traffic from the other side's network to
your network. This would be the fastest way to handle this problem. For
this, you have to enable the firewall feature on FreeBSD and enter the rules
with the ipfw program (/etc/rc.firewall or another included script). The
script could look like this:

# SSH initiated from the external net; replies match the dynamic rule,
# so no rule with source port 22 is needed (clients use ephemeral ports)
ipfw add check-state
ipfw add allow tcp from 192.168.10.0/24 to 192.168.20.0/24 22 setup keep-state
ipfw add deny ip from any to any

This example permits all SSH connections from the external to the internal
network, where the external net is 192.168.10.0/24
and the internal net is 192.168.20.0/24.

More information about the firewall and its rules: man ipfw

Regards
        Reto Trachsel

Your Partner for Internet & Networking Technologies!
____________________________________________________
NetModule AG
Meriedweg 7 / CH-3172 Niederwangen
Phone: +41 31 985 25 10 / Fax: +41 31 985 25 11
www.netmodule.com

NetModule AG, Java Competence Center
Zuercherstrasse 12 / Postfach / CH-8401 Winterthur
Phone: +41 52 209 00 44 / Fax: +41 52 209 00 40
____________________________________________________




-----Original Message-----
From: Alex Le Heux [mailto:[EMAIL PROTECTED]]
Sent: Monday, 14 January 2002 15:09
To: Kshitij Gunjikar
Cc: [EMAIL PROTECTED]
Subject: Re: Filtering packets received through an ipsec tunnel

 ...

I am worried about giving the network at the other end of the tunnel full
access to mine. In only a few of the many possible IPSec implementations do
both ends of the tunnel follow the same security policies. And even then I
might want to use filtering.

 ...

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
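A fuller /etc/rc.firewall-style rule set in the spirit of the reply above, added here as an example; it is not code from the original thread or from FreeBSD. It assumes the IPsec tunnel terminates on the FreeBSD firewall itself, on a hypothetical outside interface fxp0, between hypothetical tunnel endpoints 203.0.113.1 (local) and 198.51.100.1 (remote); the two /24 networks are the ones from the message. Under that assumption the encrypted outer packets also cross ipfw, so the script passes IKE (UDP/500) and ESP (IP protocol 50) between the two endpoints before the SSH rule, which a bare deny-all would otherwise block. The script emits the ipfw commands instead of running them, so it can be reviewed on any host and piped into sh on the firewall.

```shell
#!/bin/sh
# Added example (not from the original thread): ipfw rule set that lets only
# SSH from the remote tunnel network reach the local network.  Interface name,
# endpoint addresses and rule numbers are hypothetical.

ext_if="fxp0"                  # assumed: interface carrying the IPsec tunnel
local_gw="203.0.113.1"         # assumed: our tunnel endpoint (outer address)
remote_gw="198.51.100.1"       # assumed: peer tunnel endpoint (outer address)
remote_net="192.168.10.0/24"   # the "External" network in the message
local_net="192.168.20.0/24"    # the "Internal" network in the message

# Emit the rule set as ipfw commands on stdout.  Emitting rather than
# executing keeps the script testable on a host without ipfw; on the
# firewall run:  sh this_script.sh | sh
build_ruleset() {
    cat <<EOF
ipfw -f flush
# IKE (UDP/500) and ESP (IP protocol 50) between the two tunnel endpoints;
# without these the tunnel itself never comes up.
ipfw add 100 allow udp from $remote_gw 500 to $local_gw 500 via $ext_if
ipfw add 110 allow udp from $local_gw 500 to $remote_gw 500 via $ext_if
ipfw add 120 allow esp from $remote_gw to $local_gw via $ext_if
ipfw add 130 allow esp from $local_gw to $remote_gw via $ext_if
# Stateful SSH: only connections initiated from the remote network to the
# local network.  Replies match the dynamic rule created by keep-state, so
# no rule with source port 22 is needed (clients use ephemeral ports).
ipfw add 200 check-state
ipfw add 210 allow tcp from $remote_net to $local_net 22 setup keep-state
# Everything else crossing the tunnel is dropped and logged, in both
# directions, so unexpected traffic from the peer shows up in the log.
ipfw add 300 deny log ip from $remote_net to $local_net
ipfw add 310 deny log ip from $local_net to $remote_net
# Default deny, as in the message; rules for other local traffic go
# before this one.
ipfw add 65000 deny ip from any to any
EOF
}

# Sanity check: number of rules that actually permit traffic.
count_allow_rules() {
    build_ruleset | grep -c '^ipfw add [0-9]* allow'
}

build_ruleset
```

The `deny log` rules only produce log lines when the kernel is built with IPFIREWALL_VERBOSE (or the equivalent sysctl is set); without it they still drop the traffic silently.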
