On Wed, 26 Jun 2002, Eric Kubischta wrote:

> Thank you again all -
> 
> I read this file:
> http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt
> 
> And tried to follow these steps:
> "snip"  To setup this type of connection:
>       1) open the protocols 50 and 51 on your firewall
>       2) open port 500 on your firewall
>       3) load the ip_masq_ipsec.o module and add it to /etc/modules
>       4) use the "ipfwd" utility to forward the port to the internal
>          network. Ipmasq will not forward the necessary protocol.
> "snip"
> 
> Here is what I have tried to enable pass through of my VPN connection.
> 
> Added the following lines to the network.conf
> 
> 
> EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc 0/0_500"

Okay.

> EXTERN_TCP_PORT0="50 0/0"
> EXTERN_TCP_PORT1"51 0/0"

Not okay.  IP packets can be of the TCP protocol type (6), or UDP (17), or
"other". We can only talk about "ports" once we have agreed to use a
protocol that includes them, like TCP or UDP.  Protocols 50 and 50 are
different from the "ports" defined in protocols 6 and 17 in much the same
way apples are different from donut holes: without the donut, a donut hole
doesn't have much meaning.

I haven't done this myself, but I think you need to look for something
more like:

  EXTERN_PROTO0="50 aaa.bbb.ccc.ddd/24"

> 
> made sure that the following line is in the loaded modules
> ip_masq_ipsec
> 
> I am not sure on how to use the ipfwd utility....
> 
> Does it look like I am doing this right?  I apologize greatly for my lack of 
> ability!  Any help would be great.

Please don't apologize for lack of ability... if you must apologize, let
it be for rudeness.  Fortunately there seems little danger of that. :)

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
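
Added example, not part of the original message: a small Python sketch of the protocol-versus-port distinction drawn in the reply above, showing that a rule written as "TCP port 50" never matches an ESP (IP protocol 50) packet. The packets are constructed sample data, and `build_ipv4`, `classify` and `matches_rule` are hypothetical helper names, not LEAF or ipchains functions.

```python
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}
PORT_PROTOCOLS = {6, 17}  # only TCP and UDP headers begin with src/dst ports

def build_ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20"):
    """Build a minimal IPv4 packet (constructed sample; checksum left as 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))),
    )
    return header + payload

def classify(packet):
    """Return (protocol name, src port, dst port); ports are None when absent."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                      # the IP "protocol" field
    name = PROTO_NAMES.get(proto, "proto-%d" % proto)
    if proto in PORT_PROTOCOLS and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return name, sport, dport
    return name, None, None                # ESP/AH: no port fields exist

def matches_rule(packet, rule_proto, rule_port=None):
    """Match on protocol number first; a port only counts if the protocol has one."""
    _, _, dport = classify(packet)
    if packet[9] != rule_proto:
        return False
    return rule_port is None or dport == rule_port

# Constructed samples: IKE over UDP/500, an ESP packet, an AH packet.
IKE = build_ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0))
ESP = build_ipv4(50, struct.pack("!II", 0x1001, 1) + b"\x00" * 16)
AH = build_ipv4(51, struct.pack("!BBHII", 4, 4, 0, 0x1002, 1) + b"\x00" * 12)

if __name__ == "__main__":
    for label, pkt in (("IKE", IKE), ("ESP", ESP), ("AH", AH)):
        print(label, classify(pkt))
    print("'TCP port 50' rule matches ESP:", matches_rule(ESP, 6, 50))
    print("'protocol 50' rule matches ESP:", matches_rule(ESP, 50))
```
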




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
