On Thu, 2005-09-08 at 17:37 +0200, Normando Marcolongo wrote:
> Scott Ullrich wrote:
> 
> >> The other question is: say we have two sites with different subnets. There
> >> is an IPSec VPN between these two sites using pfSense.
> >> Now I want that only (e.g.) the traffic from site A to a specified IP/port
> >> of the site B is tunneled, all the other traffic has to be discarded. I
> >> recall that this on m0n0 was impossible since the traffic goes tunneled
> >> first before reaching the firewall. Is it possible with pfSense?
> >
> > Same situation as m0n0wall.
>
> :-( is there anything in progress to solve this?
> It would be very useful... Or is it only to me?

  I think you can use filtering on the remote box to catch this.
E.g. if you have a LAN and WAN on both pfSense/monowall box A and B,
you can filter inbound packets on A's LAN to block access to the
hosts behind B, and vice versa.  Obviously you don't really want
the security of your local machines to depend on the configuration
of a remote box, but if you have tight administrative control over
A and B, it's much better than having them wide open.

> 
> Normando
> 
> >Scott
> 

-- 
Jesse Norell - [EMAIL PROTECTED]
Kentec Communications, Inc.
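
The LAN-side filtering suggested in the reply above, written out for box A in raw pf syntax. This is an added example, not part of the original thread or of pfSense's own generated ruleset. The interface name, subnets, host address and port are constructed placeholders, and box B would carry the mirror-image rules on its own LAN interface.

```pf
# Box A, LAN-side rules. All values below are constructed placeholders.
lan_if     = "em1"              # assumed LAN interface name on box A
site_a_net = "192.168.1.0/24"   # LAN behind box A
site_b_net = "192.168.2.0/24"   # LAN behind box B, reached through the IPsec tunnel
b_service  = "192.168.2.10"     # the one host on site B that site A may reach
b_port     = "443"              # the one permitted TCP port on that host

# Allow only the permitted destination. The packet is filtered here, on the
# LAN interface, before it is handed to IPsec and encapsulated.
pass in quick on $lan_if proto tcp from $site_a_net to $b_service port $b_port keep state

# Drop and log everything else from A's LAN that would be tunneled to site B.
block in log quick on $lan_if from $site_a_net to $site_b_net
```

Because the block happens on the sending side, site B is protected only as long as box A keeps these rules, which is the dependency on the remote box that the reply points out.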

