On Sun, Apr 28, 2002 at 09:04:00PM -0400, Mark Orenstein wrote:
> Quoting Ramin Alidousti <[EMAIL PROTECTED]>:
> > Yes. Once when it comes through the physical interface. There, netfilter
> > would see it as an IP packet with protocol 47 (GRE). And once when the
> > packets come out of the GRE tunnel. Here again, netfilter would see IP
> > packets but the protocol part would be TCP/UDP/ICMP...
> >
> > Try these rules to see the association:
> >
> > $IPT -A FORWARD -i <physical-interface> -p 47 -j LOG
> > $IPT -A FORWARD -i <gre-interface> -j LOG
> >
> > Ramin
> >
> Thanks very much Ramin, one more question though. Would the first rule above
> actually be in the INPUT chain? I'll be in school tomorrow morning, so I will
> be able to experiment to get a better understanding.

A very good point Mark. I don't know but having thought about it, what
you said sounds absolutely right. The first rule might not work as those
packets are not meant to get routed.

Please do test both and let me know the outcome.

Thank you.

Ramin

>
> Thanks again,
> Mark Orenstein
> East Granby, CT School System
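The test requested above, written out as an added example that is not part of the original thread: it logs the outer protocol-47 packet in both INPUT and FORWARD, and the decapsulated packet on the GRE interface in both chains, each with its own prefix so the kernel log shows which chain matched. The interface names `eth0` and `gre1` and the log prefixes are assumptions, and the script only prints the commands unless `IPT` is set to the real iptables binary.

```shell
#!/bin/sh
# Added example, not from the thread. Dry-run by default: prints the rules.
# Set IPT=iptables (as root) to apply them, ACTION=-D to remove them again.
IPT="${IPT:-echo iptables}"

# gre_log_rules ACTION PHYS_IF GRE_IF
#   ACTION  : -A to append the LOG rules, -D to delete the same rules
#   PHYS_IF : interface the encapsulated packets arrive on (assumed: eth0)
#   GRE_IF  : tunnel interface the inner packets come out of (assumed: gre1)
gre_log_rules() {
    action="$1"; phys="$2"; gre="$3"

    # Outer packet: IP protocol 47 (GRE) on the physical interface.
    # Logged in both chains; the prefix tells you which chain saw it.
    $IPT "$action" INPUT   -i "$phys" -p 47 -j LOG --log-prefix "GRE-outer-INPUT: "
    $IPT "$action" FORWARD -i "$phys" -p 47 -j LOG --log-prefix "GRE-outer-FORWARD: "

    # Inner packet: TCP/UDP/ICMP... appearing on the GRE interface after
    # decapsulation. FORWARD if it is routed on, INPUT if it is for this host.
    $IPT "$action" FORWARD -i "$gre" -j LOG --log-prefix "GRE-inner-FORWARD: "
    $IPT "$action" INPUT   -i "$gre" -j LOG --log-prefix "GRE-inner-INPUT: "
}

gre_log_rules "${ACTION:--A}" "${PHYS_IF:-eth0}" "${GRE_IF:-gre1}"
```

After applying the rules, send traffic through the tunnel and read the prefixes in the kernel log; rerun with `ACTION=-D` to remove the rules.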
