I have seen this, if I read your problem correctly. What I have done to work
around this issue is to ifconfig qfe? down the offending interfaces, then
ifconfig qfe? up immediately after boot, which allows non-skip interfaces to
accept non-skip traffic.
Hope this helps.
Ken
____________________Reply Separator____________________
Subject: SunScreen SKIP and forwarding
Author: "Rafael D'Halleweyn" <[EMAIL PROTECTED]>
Date: 12/8/98 1:56 PM
Hi,
I am using SunScreen SKIP on several SUN machines (Solaris 2.6,
Ultra2 and Ultra5). These machines are located on different
networks. The Ultra2 machines have quad ethernet cards and are
connected to the different networks.
Without SKIP installed on the Ultra2s, I can use these machines to
do IP-forwarding between the networks (I can also forward SKIP
traffic through these non-SKIP machines). This is how I would
expect it to work.
When I install SKIP on an Ultra2 it fails to forward traffic. What
happens? Well, the Ultra2 first tries to match the incoming traffic
against the ACL for that interface. If the incoming traffic does
not match the ACL (encryption/clear text, wrong keys...) it drops
the packet. This happens, even if the packet is not addressed to
the Ultra2.
So it seems that with SKIP installed, the OS checks the ACL before
deciding to forward or not. It seems that this order should be
inverted.
Does anybody know how this set-up can be handled correctly?
Thanks,
--
Raf D'Halleweyn