On Wed, 14.01.2004, at 17:26:23 +0100, Valentijn Sessink wrote:

> Now there seems to be a solution that is a bit of a hack, but it does work. Simply
> use a *tunnel* between the two hosts, and define the subnets to be
> "tunneled" to be the hosts themselves, like so:
>
> Now you'll find double logs from each packet, like so:

Okay, but you can't filter packets. It's not possible to filter, for instance, all traffic from/to the telnet port and enable all traffic to/from the ssh port. For this reason there is the ipsecX interface in FreeS/WAN. On ethX you see only the encrypted traffic, and on ipsecX the plain traffic. So you can filter: you can enable only ah/esp on ethX and enable only ssh on ipsecX. I miss this option in Kernel 2.6.

Andreas, and sorry about my English...

-- 
This message was created with the kind support of a free-range penguin raised in species-appropriate outdoor conditions. It is guaranteed free of Micro$oft viruses. (#97922 http://counter.li.org) GPG 7F4584DA
What, you don't know where Kaufbach is? Here: N 51.05082°, E 13.56889° ;-)