Re: IP Protocol 57

To: Thomas Morin <thomas.morin@webmotion.com>
Cc: debian-firewall@lists.debian.org
Subject: Re: IP Protocol 57
From: "Chad Thompson" <chad@macristy.com>
Date: Mon, 23 Jul 2001 11:20:40 -0400
Message-id: <[🔎] 3B5C40C8.B4A15A53@macristy.com>
References: <[🔎] Pine.LNX.4.33.0107231037250.10570-100000@centauri>

Thomas Morin wrote:
> 
> -. Chad Thompson (2001-07-23) :
>  |
>  | Hmmm... Both firewalls (the one on my side and the one at the VPN host
>  | site) , use IPCHAINS. It seems that I can allow the protocol 57 traffic
>  | through my firewall on the client side,  but when I try below on the VPN
>  | host side:
>  |
>  | ipmasqadm portfw -a -P 57 -L $IPADDR -R 10.2.0.2
> 
> I don't know SKIP, I don't know if it has ports. But here I really
> believe you are trying to do 'port forwaring' on a protocol for which
> ipchains doesn't know 'ports'.
> 
>  | I get a 'portfw: invalid protocol specified' ..... Is there a
>  | different way to do this? Please don't tell me I need to upgrade
>  | kernels to 2.4.x now.... :)
> 
> You can achieve NAT, by using 'ip rules', and 'ip route' from the
> 'iproute2' package, but you'd really use iptables' NAT here, it's *far*
> easier.

Does anybody know anything about autofw/IPAUTOFW? I think that is what I
would need to use to forward protocol 57. How do you forward protocol 50
or 51 if the kernel is not aware of it? 'ip rules' and 'ip route' look
very complicated...:)

Thanks,
Chad

. . . ...............
Chad A. Thompson
Network Administrator
Macristy Industries
chad@macristy.com
860.225.4637

Reply to:

References:
- Re: IP Protocol 57
  - From: Thomas Morin <thomas.morin@webmotion.com>

Prev by Date: Re: firewall conceptual question
Next by Date: Re: IP Protocol 57
Previous by thread: Re: IP Protocol 57
Next by thread: help building nat/firewall script
Index(es):
- Date
- Thread