On Wednesday 26 June 2002 13:31, Joey Officer wrote:
> You need to remove the ip_masq_ipsec.o module line from modules.conf

Incorrect, you need the ip_masq_ipsec modules for pass-through operation with a 2.2.x kernel.

> The lines should look like the following
>
> EXTERN_TCP_PORTS="66.101.59.22/32_ssh" # this only allows a specific
> IP, I think the 0/0 would allow everything
> EXTERN_UDP_PORTS="66.101.59.22/32_500" # this is the port for IPSec
> (I believe)
> EXTERN_PROTO0="50 66.101.59.22/32" # this is part of the SSH
> EXTERN_PROTO1="51 66.101.59.22/32" # same thing here, I believe 50
> and 51 are required. Again - this is for a specific IP

Protocol 51 is only needed for tunnel operation, not transport ... pass-through is not a tunnel.

> 4) use the "ipfwd" utility to forward the port to the
> internal network. Ipmasq will not forward the necessary protocol.

This is only needed if the remote computer is initiating the connection. If you are initiating the connection from behind the firewall, the ipfwd rule is not needed. I will make a note in the document. Thanks ;-)

> "snip"
> However, I cannot use Microsoft Dial-Up networking
> from a Windows box on my internal network to dial a VPN connection to
> a Windows NT server on the internet. (This works fine if I remove
> the router.

Are you sure this is an IPSec connection??? I believe NT used PPTP, which is similar but uses a different module and ports. For PPTP pass-through, Charles suggested doing this:

########## start snip ##########
If you're trying to simply masquerade a PPTP connection (i.e. if you directly connect your Windows system to your internet connection and your VPN link works, and you want to be able to run the Windows system and VPN link behind your firewall), you're on the right track. You need the ip_masq_pptp.o module loaded, which will do the dirty work of masquerading the VPN link. You still, however, need to allow the PPTP packets through your firewall (only TCP/UDP/ICMP traffic is allowed by default). I believe this is protocol 47 (GRE), which you would allow into your Dachstein-based firewall with the following:

EXTERN_PROTO0="47 1.2.3.4/32"

Where 1.2.3.4 is the IP of the remote VPN peer you're connecting to. If you're connecting to several VPN servers, you can either make an entry for each one (remember to increment the index number!), or use 0/0 for the IP range, which is the whole internet.
############ end clip ###########
-- 
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
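The thread turns on a handful of EXTERN_* settings: UDP 500 plus protocol 50 (and 51 only for tunnel mode) for IPsec pass-through, protocol 47 for PPTP, an index that must be incremented for each EXTERN_PROTOn entry, and 0/0 as a source range that opens the rule to the whole internet. The following is an added example, not code from the posting or from the LEAF/Dachstein project: a small audit script that parses config lines in the shell-variable format quoted above and reports what each entry opens, flagging 0/0 sources, non-consecutive EXTERN_PROTO indices, and ESP entries that have no matching UDP/500 entry. The sample config and the assumption that the firewall scripts enumerate EXTERN_PROTO0, 1, 2, ... in sequence are constructed for the example.

```python
"""Audit Dachstein-style EXTERN_* pass-through settings (added example).

Parses EXTERN_TCP_PORTS / EXTERN_UDP_PORTS / EXTERN_PROTOn assignments in the
format quoted on the thread and reports what each one admits from where.
"""
import re
from dataclasses import dataclass

# Well-known IANA protocol numbers that matter for VPN pass-through.
PROTO_NAMES = {47: "GRE (PPTP data)", 50: "ESP (IPsec)", 51: "AH (IPsec)"}

# Constructed sample config fragment in the format used on the thread.
SAMPLE_CONFIG = '''
EXTERN_TCP_PORTS="66.101.59.22/32_ssh 0/0_1723"
EXTERN_UDP_PORTS="66.101.59.22/32_500"
EXTERN_PROTO0="50 66.101.59.22/32"
EXTERN_PROTO2="47 0/0"
'''

# Matches NAME="value"; group 2 carries the index for EXTERN_PROTOn lines.
ASSIGN_RE = re.compile(
    r'^\s*(EXTERN_(?:TCP|UDP)_PORTS|EXTERN_PROTO(\d+))="([^"]*)"\s*$', re.M)


@dataclass(frozen=True)
class Rule:
    kind: str    # "tcp", "udp" or "proto"
    what: str    # port name/number, or IP protocol number for "proto"
    source: str  # source prefix, e.g. "1.2.3.4/32" or "0/0"


def parse_config(text):
    """Return (rules, sorted EXTERN_PROTO indices) parsed from config text."""
    rules, indices = [], []
    for name, idx, value in ASSIGN_RE.findall(text):
        if idx:
            # EXTERN_PROTOn="<protocol> <source>"
            proto, src = value.split()
            indices.append(int(idx))
            rules.append(Rule("proto", proto, src))
        else:
            # EXTERN_xxx_PORTS="<source>_<port> <source>_<port> ..."
            kind = "tcp" if "TCP" in name else "udp"
            for entry in value.split():
                src, _, port = entry.rpartition("_")
                rules.append(Rule(kind, port, src))
    return rules, sorted(indices)


def describe(rule):
    if rule.kind == "proto" and rule.what.isdigit():
        return PROTO_NAMES.get(int(rule.what), "protocol " + rule.what)
    return f"{rule.kind}/{rule.what}"


def ipsec_pairing_findings(rules):
    """ESP (proto 50) sources that lack a UDP/500 (IKE) entry from the same source."""
    esp = {r.source for r in rules if r.kind == "proto" and r.what == "50"}
    ike = {r.source for r in rules if r.kind == "udp" and r.what in ("500", "isakmp")}
    return [f"ESP from {s} without UDP/500 (IKE) from the same source"
            for s in sorted(esp - ike)]


def audit(text):
    """Return human-readable findings for a config text."""
    rules, indices = parse_config(text)
    findings = []
    for r in rules:
        if r.source == "0/0":
            findings.append(f"WIDE OPEN: {describe(r)} accepted from any source")
        else:
            findings.append(f"ok: {describe(r)} accepted from {r.source}")
    # Assumption for this example: the scripts read EXTERN_PROTO0, 1, 2, ...
    # in sequence, so a gap or duplicate index is worth a warning.
    if indices and indices != list(range(len(indices))):
        findings.append(f"GAP: EXTERN_PROTO indices {indices} are not consecutive from 0")
    findings.extend(ipsec_pairing_findings(rules))
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

Run against a real network config, the "WIDE OPEN" lines are the entries to justify or tighten to the peer's /32; the "GAP" line catches the forgotten index increment the snip warns about.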
