Re: IPSEC and bridged interfaces

From: Jan Engelhardt
Date: Tue Oct 31 2006 - 03:30:49 EST

Next message: Pavel Emelianov: "Re: [ckrm-tech] [RFC] Resource Management - Infrastructure choices"
Previous message: Giacomo Catenazzi: "Panic with 2.6.19-rc3-ga7aacdf9: Invalid opcode at acpi_os_read_pci_configuration"
In reply to: Joerg Platte: "IPSEC and bridged interfaces"
Next in thread: Joerg Platte: "Re: IPSEC and bridged interfaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>
>Unfortunately, the kernel does not encrypt incoming packages any more. tcpdump
>reveals, that all received replies (I tested it with ping) are forwarded
>unencrypted, because they are visible on my firewall instead of being
>encrypted. Is this a known problem? Is bridging and IPSEC (maybe with
>masquerading) currently not supported? Or should I forward this issue to
>another mailing list?

Sounds like those packets are bridged rather than routed (or so it
sounds). See if that's the case. Check
http://www.imagestream.com/~josh/PacketFlow-new.png for details.

You could try `ebtables -t broute -j DROP` to force all packets to be
routed.

-`J'
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Emelianov: "Re: [ckrm-tech] [RFC] Resource Management - Infrastructure choices"
Previous message: Giacomo Catenazzi: "Panic with 2.6.19-rc3-ga7aacdf9: Invalid opcode at acpi_os_read_pci_configuration"
In reply to: Joerg Platte: "IPSEC and bridged interfaces"
Next in thread: Joerg Platte: "Re: IPSEC and bridged interfaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]