Re: IP Protocol 57

To: debian-firewall@lists.debian.org
Subject: Re: IP Protocol 57
From: "Chad Thompson" <chad@macristy.com>
Date: Mon, 23 Jul 2001 09:59:09 -0400
Message-id: <[🔎] 3B5C2DAD.7DF04950@macristy.com>
References: <20010720152116.A26687@UnderGrid.net>

Hmmm... Both firewalls (the one on my side and the one at the VPN host
site) , use IPCHAINS. It seems that I can allow the protocol 57 traffic
through my firewall on the client side,  but when I try below on the VPN
host side:

ipmasqadm portfw -a -P 57 -L $IPADDR -R 10.2.0.2

I get a 'portfw: invalid protocol specified' ..... Is there a different
way to do this? Please don't tell me I need to upgrade kernels to 2.4.x
now.... :)

Thanks,
Chad

"Jeremy T. Bouse" wrote:
> 
> Chad,
> 
>         Depending on whether you're using ipchains or iptables you should
> be able to do a the same as you do for specifing a TCP, UDP or ICMP protocol
> rule and do an ACCEPT rule for the SKIP (57) protocol... For instance I
> believe in iptables it' something like:
> 
>         iptables -A <chain> -p 57 -j ACCEPT
> 
>         Or something along that lines... I do a similar thing for protos
> 50 (ESP) and 51 (AH) for IPSec traffic...
> 
>         Respectfully,
>         Jeremy T. Bouse
> 
> Chad Thompson was said to been seen saying:
> > Hello,
> >
> > I have a client who has a Novell Border Manager server behind a Debian
> > firewall I built. Everything is fine but we need to get her VPN
> > client/server to function. This function requires IP Protocol ID 57 to
> > be forwarded. Does anyone know of any kernel patches I could apply in
> > order to accomplish this?
> >
> > Thanks in advance for any help.
> >
> > Chad
> >
> > . . . ...............
> > Chad A. Thompson
> > Network Administrator
> > Macristy Industries
> > chad@macristy.com
> > 860.225.4637
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> --
> ,-----------------------------------------------------------------------------,
> |Jeremy T. Bouse, CCNA - UnderGrid Network Services, LLC -  www.UnderGrid.net |
> |       Public PGP/GPG key available through http://wwwkeys.us.pgp.net        |
> |     If received unsigned (without requesting as such) DO NOT trust it!      |
> | Jeremy.Bouse@UnderGrid.net   -   NIC Whois: JB5713   -   jbouse@Debian.org  |
> `-----------------------------------------------------------------------------'

Reply to:

Follow-Ups:
- Re: IP Protocol 57
  - From: Michael Wood <wood@kingsley.co.za>
- Re: IP Protocol 57
  - From: Thomas Morin <thomas.morin@webmotion.com>

Prev by Date: Re: IP Protocol 57
Next by Date: Re: IP Protocol 57
Previous by thread: Re: IP Protocol 57
Next by thread: Re: IP Protocol 57
Index(es):
- Date
- Thread