Thursday, December 3, 2009

Filtering packets on a tunnel on Yamaha RTX

The Web UI can only set filters on PP interfaces, but from the command line you can also filter on a tunnel interface. For example:

ip filter 201010 pass * 172.31.31.0/24 icmp * *
ip filter 201011 pass * 172.31.31.0/24 established * *
ip filter 201012 pass * 172.31.31.0/24 tcp * ident
ip filter 201013 pass * 172.31.31.86/32 * * *
ip filter 201014 pass 10.0.10.254/32 172.31.31.0/24 * * *
ip filter 201015 pass 172.31.31.0/24 * * * *

tunnel select 2
tunnel encapsulation ipip
tunnel endpoint address 172.25.111.3
ip tunnel tcp mss limit auto
ip tunnel secure filter in 201010 201011 201012 201013 201014 201015
tunnel enable 2

That is, use "ip tunnel secure" instead of "ip pp secure", and put this line after "tunnel select".
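To check what the filter list above actually admits on the tunnel, here is an added example (not part of the original post and not Yamaha code) that evaluates constructed packets against the six filters. It assumes a simplified model: filters are tried in the listed order, the first match decides, a packet matching none is discarded, and "established" means a TCP segment with ACK or RST set. The packet dictionary layout is hypothetical.

```python
import ipaddress

# The six filters from the post, copied verbatim.
FILTERS = """\
ip filter 201010 pass * 172.31.31.0/24 icmp * *
ip filter 201011 pass * 172.31.31.0/24 established * *
ip filter 201012 pass * 172.31.31.0/24 tcp * ident
ip filter 201013 pass * 172.31.31.86/32 * * *
ip filter 201014 pass 10.0.10.254/32 172.31.31.0/24 * * *
ip filter 201015 pass 172.31.31.0/24 * * * *
"""
PORTS = {"ident": 113}  # the only port mnemonic the post uses

def parse(text):
    """Return [num, action, src, dst, proto, sport, dport] per filter line."""
    return [l.split()[2:] for l in text.splitlines() if l.startswith("ip filter")]

def addr_ok(pattern, addr):
    return pattern == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def port_ok(pattern, port):
    return pattern == "*" or port == int(PORTS.get(pattern, pattern))

def proto_ok(pattern, pkt):
    if pattern == "*":
        return True
    if pattern == "established":  # assumption: TCP with ACK or RST set
        return pkt["proto"] == "tcp" and bool(pkt.get("flags", set()) & {"ACK", "RST"})
    return pattern == pkt["proto"]

def evaluate(rules, pkt):
    """First matching filter decides; no match means the packet is discarded."""
    for num, action, src, dst, proto, sport, dport in rules:
        if (addr_ok(src, pkt["src"]) and addr_ok(dst, pkt["dst"]) and proto_ok(proto, pkt)
                and port_ok(sport, pkt.get("sport")) and port_ok(dport, pkt.get("dport"))):
            return action, int(num)
    return "reject", None

if __name__ == "__main__":
    # Constructed packet: a new SSH connection from outside to a host in the /24.
    syn = {"src": "203.0.113.5", "dst": "172.31.31.10", "proto": "tcp",
           "sport": 40000, "dport": 22, "flags": {"SYN"}}
    print(evaluate(parse(FILTERS), syn))
```

In this model, a new inbound TCP connection reaches only 172.31.31.86 or the ident port unless it comes from 10.0.10.254, while replies to connections opened from inside pass via filter 201011.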
