NetFilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SNAT before IPSec

from [Grant Taylor] [Permanent Link][Original]
To: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: SNAT before IPSec
From: Grant Taylor <gtaylor@riverviewtech.net>
Date: Wed, 06 Jun 2007 13:48:15 -0500
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <web-73936562@bk2.webmaillogin.com>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Organization: Riverview Technologies Inc.
References: <8bd3dfad0706050529s484d42b6t9ef4ae0fd1730367@mail.gmail.com> <web-74829660@bk1.webmaillogin.com> <4665C771.4040609@riverviewtech.net> <web-74831651@bk1.webmaillogin.com> <4665F77D.8050603@riverviewtech.net> <web-73936562@bk2.webmaillogin.com>
Reply-to: gtaylor+reply@riverviewtech.net
Sender: netfilter-bounces@lists.netfilter.org
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070511 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666 
On 06/06/07 10:39, Jorge Davila wrote:
to be honest, reading, re-reading before the rfc the same doubt come to my mind but now, my understanding is that the paragraph is really doing reference to an interface to manage the traffic according to the policies defined. 

*nod*
I think the reason that network interfaces stopped being created was in preparation for MANY IPSec connections, enough so that creating network interfaces would just be a waste. If I recall correctly the IPSec people were wanting and hoping to start seeing IPSec used arbitrarily any time that it could be used, including accessing web pages off of web servers. In this case, creating and removing interfaces is just (IMHO) ridiculing. 



Grant. . . .
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SNAT before IPSec, Jorge Davila
Next by Date:  Re: SNAT before IPSec, Jorge Davila
Previous by Thread:  Re: SNAT before IPSec, Jorge Davila
Next by Thread:  Re: SNAT before IPSec, Yasuyuki KOZAKAI
Indexes:  [Date] [Thread] [Top] [All Lists]