Re: IP Protocol 57
Hmmm... Both firewalls (the one on my side and the one at the VPN host
site) , use IPCHAINS. It seems that I can allow the protocol 57 traffic
through my firewall on the client side, but when I try below on the VPN
host side:
ipmasqadm portfw -a -P 57 -L $IPADDR -R 10.2.0.2
I get a 'portfw: invalid protocol specified' ..... Is there a different
way to do this? Please don't tell me I need to upgrade kernels to 2.4.x
now.... :)
Thanks,
Chad
"Jeremy T. Bouse" wrote:
>
> Chad,
>
> Depending on whether you're using ipchains or iptables you should
> be able to do a the same as you do for specifing a TCP, UDP or ICMP protocol
> rule and do an ACCEPT rule for the SKIP (57) protocol... For instance I
> believe in iptables it' something like:
>
> iptables -A <chain> -p 57 -j ACCEPT
>
> Or something along that lines... I do a similar thing for protos
> 50 (ESP) and 51 (AH) for IPSec traffic...
>
> Respectfully,
> Jeremy T. Bouse
>
> Chad Thompson was said to been seen saying:
> > Hello,
> >
> > I have a client who has a Novell Border Manager server behind a Debian
> > firewall I built. Everything is fine but we need to get her VPN
> > client/server to function. This function requires IP Protocol ID 57 to
> > be forwarded. Does anyone know of any kernel patches I could apply in
> > order to accomplish this?
> >
> > Thanks in advance for any help.
> >
> > Chad
> >
> > . . . ...............
> > Chad A. Thompson
> > Network Administrator
> > Macristy Industries
> > chad@macristy.com
> > 860.225.4637
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
> --
> ,-----------------------------------------------------------------------------,
> |Jeremy T. Bouse, CCNA - UnderGrid Network Services, LLC - www.UnderGrid.net |
> | Public PGP/GPG key available through http://wwwkeys.us.pgp.net |
> | If received unsigned (without requesting as such) DO NOT trust it! |
> | Jeremy.Bouse@UnderGrid.net - NIC Whois: JB5713 - jbouse@Debian.org |
> `-----------------------------------------------------------------------------'
Reply to: