Port forwarding revisited
mike ledoux
mwl+blu at alumni.unh.edu
Wed Aug 29 00:41:01 EDT 2001
On Tue, 28 Aug 2001, Ron Peterson wrote:
>On Tue, 28 Aug 2001, Bill Horne wrote:
>
>> Thanks to all who responded to my first email. I appreciate the help.
>>
>> First, I'm in the process of upgrading to 2.2.19 (thanks, ccb).
>>
>> I'm sorry that I wasn't more clear, so here's a (hopefully) better
>> explanation.
>>
>> I'm using a RH 6.2 machine as a NAT box in between my cable modem and my
>> internal network. The usual services (POP, SMTP, HTTP) work fine.
>>
>> However, I also have a VPN client on one of my internal machines (call
>> it Omega for illustration), in order to access Verizon's network from
>> home. This client works OK when Omega is connected directly to the cable
>> modem, but can't originate a connection when the Linux box is doing
>> masquerading.
>>
>> The SME for this software says that I need to install IPSec passthrough,
>> and *that* is what I need the help with. I hope that I've explained it
>> better this time.
>
>Oooh. This stuff gets hairy. For starters, VPN starts using protocols
>you never heard of. You need to allow UDP port 500. And protocol type
>(not port) 50 and 51. How you do this with Linux NAT, I'm not sure.
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
details how to set up your Linux-based NAT device to deal with IPSec
passthrough in some cases. I think yours is one of them.
HTH,
--
mwl+blu at alumni.unh.edu
Holder of Past Knowledge CS, O-
Put your wasted CPU cycles to use: http://www.distributed.net/
"It is surely harmful to souls to make it a heresy to believe
what is proved." Galileo Galilei