Re: [Leaf-user] Open Port For VPN
Brian:

Heya. Not sure if you knew, but there are 2 or 3 other steps to getting an IPSec VPN client working from behind a Dachstein firewall/router. Just holler if you'd like the gory details.

As for the firewall rules...what you write is close, but a bit off. Have a look in the echowall.rules file in the echowall.lrp package. It's got a whole section for IPSEC.

Hope this helps!

-Scott

> Hello-
> I am running the Dachstein LRP and I want to open up port 500 so I can
> connect to the vpn at work from home. I noticed that when I tried to connect
> to the vpn that nothing happens, and I assume the port 500 is blocked.
>
> In order to "open the port" on my router, I assume I must use ipchains.
>
>
> ipchains -I output -i eth0 -s 0.0.0.0/0 500 -d 0.0.0.0/0 500 -j ACCEPT
> ipchains -I input -i eth0 -s 0.0.0.0/0 500 -d 0.0.0.0/0 500 -j ACCEPT
>
> do these lines make sense or am I wrong on the whole idea?
>
> thanks for the input,
>
> brian

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Open Port For VPN
"Henning, Brian" wrote: > > Hello- > I am running the Dachstein LRP and I want to open up port 500 so I can > connect to the vpn at work from home. I noticed that when i tried to connect > to the vpn that nothing happens, and i assume the port 500 is blocked. > > In order to "open the port" on my router, I assume i must use ipchains. > > ipchains -I output -i eth0 -s 0.0.0.0/0 500 -d 0.0.0.0/0 500 -j ACCEPT > ipchains -I input -i eth0 -s 0.0.0.0/0 500 -d 0.0.0.0/0 500 -j ACCEPT > > do these lines make sense or am i wrong on the whole idea? As far as the rules go, they would be written: ipchains -A input -j ACCEPT -i eth0 -s 0/0 -d $IPX/32 500 ipchains -A output -j ACCEPT -i eth0 -s $IPX/32 500 -d 0/0 and you might be able to specify -p tcp if it only uses that. Just substitute your external IP address for the $IPX. matt ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Open Port For VPN
Brian,

Charles Steinkuehler has already answered this. Take a look at:

http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg03844.html

-Stephen More

At 01:38 PM 2/21/02 -0600, Henning, Brian wrote:
>Hello-
>I am running the Dachstein LRP and I want to open up port 500 so I can
>connect to the vpn at work from home. I noticed that when I tried to connect
>to the vpn that nothing happens, and I assume the port 500 is blocked.
>
>In order to "open the port" on my router, I assume I must use ipchains.
>
>
>ipchains -I output -i eth0 -s 0.0.0.0/0 500 -d 0.0.0.0/0 500 -j ACCEPT
>ipchains -I input -i eth0 -s 0.0.0.0/0 500 -d 0.0.0.0/0 500 -j ACCEPT
>
>do these lines make sense or am I wrong on the whole idea?
>
>thanks for the input,
>
>brian
Re: [Leaf-user] Open Port For VPN
"Henning, Brian" <[EMAIL PROTECTED]> on 02/21/2002 01:38:19 PM To: [EMAIL PROTECTED] cc:(bcc: Phillip Watts/austin/Nlynx) Subject: [Leaf-user] Open Port For VPN Hello- I am running the Dachstein LRP and I want to open up port 500 so I can connect to the vpn at work from home. I noticed that when i tried to connect to the vpn that nothing happens, and i assume the port 500 is blocked. In order to "open the port" on my router, I assume i must use ipchains. ipchains -I output -i eth0 -s 0.0.0.0/0 500 -d 0.0.0.0/0 500 -j ACCEPT ipchains -I input -i eth0 -s 0.0.0.0/0 500 -d 0.0.0.0/0 500 -j ACCEPT or -i ipsec0(name of your interface) -s any/0 -d any/0 -j ACCEPT but to establish a conection you neef -i $INT_IF -p 50 -j ACCEPT -i $INT_IF -p 51 -j ACCEPT -i $EXT_IF -p 50 -j ACCEPT -i $EXT_IF -p 51 -j ACCEPT that's PROTOCOL 50 , not port do these lines make sense or am i wrong on the whole idea? thanks for the input, brian ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user