Can't block non-ipsec traffic?

Posted: Fri Apr 03, 2009 6:15 pm
by wkstill
I set up an IPsec tunnel between the public IPs of two RouterBoards.
I then set up an unencrypted L2TP between the two RouterBoards.

If I torch the public Ethernet port, I see "IPSEC" traffic (no L2TP udp/1701 traffic).

If I set up a filter rule to drop all traffic EXCEPT for the IPsec traffic, it blocks the L2TP on said port.

I then changed it to a "LogOnly" filter, and it logs EVERY bit of traffic over the IPsec tunnel...

The public IPs are on bridges, and the public Ethernet ports are members of said bridge. Filters at the Ethernet level have no effect; filtering at the bridge blocks everything. It's as if the "IPSEC" sits before the filter in ip-firewall.

Re: Can't block non-ipsec traffic?

Posted: Fri Apr 10, 2009 12:14 am
by wkstill
nobody?

Re: Can't block non-ipsec traffic?

Posted: Mon Apr 20, 2009 10:35 am
by mrz
Look at the packet flow diagram; it will probably explain why everything is dropped in the firewall.
http://wiki.mikrotik.com/wiki/Packet_Fl ... encryption

Re: Can't block non-ipsec traffic?

Posted: Wed Apr 22, 2009 6:08 pm
by wkstill
Thanks. Too bad IPsec traffic couldn't be separated in the chain, or add an "ipsec" flag to the pre-filter rule or something... wishful thinking; probably gonna have to stack two RBs on each end.
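As an added example (not from this thread or from MikroTik), the following RouterOS firewall fragment shows the behaviour mrz's packet-flow pointer explains and the matcher that gives the "ipsec flag" the opening post asks for. It assumes a RouterOS version whose ip firewall supports the `ipsec-policy` matcher (6.x or newer), and `bridge-public` is a placeholder for the bridge carrying the public IP.

```routeros
# Added example, not from the thread. Assumes RouterOS 6.x or newer (for the
# "ipsec-policy" matcher) and a placeholder public bridge named "bridge-public".
/ip firewall filter

# --- The approach described in the thread, for comparison ---
# Accept the IPsec encapsulation and key exchange themselves...
add chain=input protocol=ipsec-esp action=accept comment="ESP from peer"
add chain=input protocol=udp dst-port=500 action=accept comment="IKE"
# ...and drop everything else on the public port. Problem: after the router
# decrypts ESP, the inner L2TP packet (udp/1701) re-enters the input chain as a
# plain packet and is caught by this same drop rule, which is why the
# "LogOnly" variant logged all the tunnel traffic.
# add chain=input in-interface=bridge-public action=drop

# --- Corrected approach ---
# ipsec-policy=in,ipsec matches only packets that arrived inside an IPsec SA,
# so decrypted L2TP can be told apart from plaintext L2TP on the same port.
add chain=input protocol=udp dst-port=1701 ipsec-policy=in,ipsec \
    action=accept comment="L2TP only when carried by IPsec"
# Plaintext L2TP that did not come through the tunnel is logged, then dropped.
add chain=input in-interface=bridge-public protocol=udp dst-port=1701 \
    ipsec-policy=in,none action=log log-prefix="plain-l2tp"
add chain=input in-interface=bridge-public protocol=udp dst-port=1701 \
    ipsec-policy=in,none action=drop
# Catch-all for anything else arriving on the public bridge; order matters,
# so this stays below the accept rules above.
add chain=input in-interface=bridge-public action=drop
```

Rules are evaluated top to bottom, so the `ipsec-policy=in,ipsec` accept must precede the catch-all drop for the decrypted pass through the chain to succeed.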