Date: Sun, 28 Apr 2002 21:04:00 -0400 (EDT) From: mrofilter@localhost Reply-To: mrofilter@localhost Subject: Re: GRE tunneling & ipfilters To: Ramin Alidousti <[EMAIL PROTECTED]>
Quoting Ramin Alidousti <[EMAIL PROTECTED]>: > Yes. Once when it comes through the physical interface. There, netfilter > would see it as an IP packet with protocol 47 (GRE). And once when the > packets come out of the GRE tunnel. Here again, netfilter would see IP > packets but the protocol part would be TCP/UDP/ICMP... > > Try these rules to see the association: > > $IPT -A FORWARD -i <physical-interface> -p 47 -j LOG > $IPT -A FORWARD -i <gre-interface> -j LOG > > Ramin > Thanks very much Ramin, one more question though. Would the first rule above actually be in the INPUT chain? I'll be in school tomorrow morning, so I will be able to experiment to get a better understanding. Thanks again, Mark Orenstein East Granby, CT School System
