Re: IPSec on 2.4.2/IPv4
On Sun, May 20, 2001 at 02:52:50PM +0300, Miki Shapiro wrote:
> Can I ask my linux box (with this kernel patch) to only use IPSec for
> communication on pre-designated TCP ports? (and have other services such
> as DNS and SMTP go on working without using IPSec?)
As far as I see, there's no way to change the destination route based
on the port (that is, according to man netfilter, there's no such
option). IPSec on Linux raises an ipsec0 interface, and sets up a
routing rule to match the IPs on the other end of the VPN, not the
ports.

Yet again, I'm not sure it's possible to establish IPSec connections to
any accepting host around the world without preconfiguring it.
--
Best regards,
Ilya Konstantinov