Re: IP Protocol 57

To: debian-firewall@lists.debian.org
Subject: Re: IP Protocol 57
From: Michael Wood <wood@kingsley.co.za>
Date: Mon, 23 Jul 2001 17:21:24 +0200
Message-id: <[🔎] 20010723172124.B12532@lion.kingsley.co.za>
Mail-followup-to: Michael Wood <wood@kingsley.co.za>, debian-firewall@lists.debian.org
In-reply-to: <[🔎] 3B5C2DAD.7DF04950@macristy.com>; from chad@macristy.com on Mon, Jul 23, 2001 at 09:59:09AM -0400
References: <20010720152116.A26687@UnderGrid.net> <[🔎] 3B5C2DAD.7DF04950@macristy.com>

On Mon, Jul 23, 2001 at 09:59:09AM -0400, Chad Thompson wrote:
> Hmmm... Both firewalls (the one on my side and the one at the
> VPN host site) , use IPCHAINS. It seems that I can allow the
> protocol 57 traffic through my firewall on the client side,
> but when I try below on the VPN host side:
> 
> ipmasqadm portfw -a -P 57 -L $IPADDR -R 10.2.0.2
> 
> I get a 'portfw: invalid protocol specified' ..... Is there a

That's because "ipmasqadm portfw" is for forwarding TCP or UDP
packets to internal machines, not SKIP (proto 57) packets.

I don't even know if SKIP has ports.

> different way to do this? Please don't tell me I need to
> upgrade kernels to 2.4.x now.... :)

Well, DNAT on 2.4.x might work, but it depends on how SKIP
works.  (I don't know how SKIP works, so DNAT may or may not
work for it.)

It looks to me like you might have to bite the bullet ;)

-- 
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies

Reply to:

References:
- Re: IP Protocol 57
  - From: "Chad Thompson" <chad@macristy.com>

Prev by Date: Re: IP Protocol 57
Next by Date: Re: IP Protocol 57
Previous by thread: Re: IP Protocol 57
Next by thread: Re: IP Protocol 57
Index(es):
- Date
- Thread