Re: [pfSense Support] Port Forward of ESP protocol
OK. Must be a bug in my version, because pfsense wants me to write a portnr. I will download and upgrade to a newer version today. Maybe it will work then.

Thank you for your help.

From: Chris Buechler [EMAIL PROTECTED]
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Port Forward of ESP protocol
Date: Wed, 05 Oct 2005 14:09:18 -0400

Jörgen Haraldsson wrote:
> Yes that's correct. The port 500 is because pfsense wants a portnr. I have used 50 too but it's just a protocolnr not a portnr that ipsec uses.

Whenever you select ESP as protocol, the port boxes are all grayed out. The only way the port boxes are available is if you're using TCP, UDP, or TCP/UDP as the protocol. This works as it should, just select the proper protocol.
Re: [pfSense Support] Port Forward of ESP protocol
On 10/6/05, Jörgen Haraldsson [EMAIL PROTECTED] wrote:
> OK. Must be a bug in my version, because pfsense wants me to write a portnr. I will download and upgrade to a newer version today. Maybe it will work then.
>
> Thank you for your help.

This is indeed fixed but we have not released a new version. We'll be releasing a new version soon once I get my home computer back together.

Scott
Re: [pfSense Support] Port Forward of ESP protocol
On 10/4/05, Jörgen Haraldsson [EMAIL PROTECTED] wrote:
> Hi
> The line says:
> rdr on ste0 proto esp from any to 192.168.1.20 port 500 -> 192.168.2.100 port 500
> I don't know if port 500 is the right port to use with esp. But it does not matter what port I use.

Mmmhh.. I think this is an error!!! ESP is _protocol_ 50, and not port 500..
So, you need 2 rules: one for protocol ESP, and one for UDP/500 (that is IKE).
(I think that here you can find some info: http://wiki.openswan.org/index.php/Firewalls)

Tom
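The two rules described in the reply above, written as pf.conf lines next to the rejected one (an added example, not part of the original thread). The interface and addresses are those in the poster's rule; the `pass` rules are an assumption about the filter policy that would accompany the redirects.

```pf
# Added illustration, not from the thread. Interface ste0 and both addresses
# are the ones in the poster's rule; the pass rules are an assumed filter
# policy to go with the redirects.

# Rejected by pfctl: ESP is IP protocol 50 and has no ports, so both
# "port" clauses are invalid.
#   "dst port only applies to tcp/udp"    <- "to 192.168.1.20 port 500"
#   "rpool port only applies to tcp/udp"  <- "-> 192.168.2.100 port 500"
# rdr on ste0 proto esp from any to 192.168.1.20 port 500 -> 192.168.2.100 port 500

# Corrected: redirect ESP by protocol only, and IKE as UDP port 500.
rdr on ste0 proto esp from any to 192.168.1.20 -> 192.168.2.100
rdr on ste0 proto udp from any to 192.168.1.20 port 500 -> 192.168.2.100 port 500

# rdr is applied before filtering, so the pass rules match the translated
# (internal) destination and open nothing beyond the VPN server.
pass in on ste0 inet proto esp from any to 192.168.2.100 keep state
pass in on ste0 inet proto udp from any to 192.168.2.100 port 500 keep state
```

Running `pfctl -n -f` on the rules file parses it without loading it, so errors like the ones in the poster's log show up before the ruleset is applied.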
Re: [pfSense Support] Port Forward of ESP protocol
That's my opinion too! But pfsense wants me to fill in a port.

From: Dan Swartzendruber [EMAIL PROTECTED]
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Port Forward of ESP protocol
Date: Tue, 04 Oct 2005 13:45:11 -0400

At 01:43 PM 10/4/2005, you wrote:
> Hi
> The line says:
> rdr on ste0 proto esp from any to 192.168.1.20 port 500 -> 192.168.2.100 port 500
> I don't know if port 500 is the right port to use with esp. But it does not matter what port I use.

ESP doesn't have ports.

> I know that udp must also be port forwarded on port 500 and pfsense doesn't allow that when I already have one rule on 500. In my rules I also forward udp on 1701 and 4500 to the same address.
Re: [pfSense Support] Port Forward of ESP protocol
Yes that's correct. The port 500 is because pfsense wants a portnr. I have used 50 too but it's just a protocolnr not a portnr that ipsec uses.

Thanks for the link.

From: Tommaso Di Donato [EMAIL PROTECTED]
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Port Forward of ESP protocol
Date: Wed, 5 Oct 2005 08:53:16 +0200

On 10/4/05, Jörgen Haraldsson [EMAIL PROTECTED] wrote:
> Hi
> The line says:
> rdr on ste0 proto esp from any to 192.168.1.20 port 500 -> 192.168.2.100 port 500
> I don't know if port 500 is the right port to use with esp. But it does not matter what port I use.

Mmmhh.. I think this is an error!!! ESP is _protocol_ 50, and not port 500..
So, you need 2 rules: one for protocol ESP, and one for UDP/500 (that is IKE).
(I think that here you can find some info: http://wiki.openswan.org/index.php/Firewalls)

Tom
Re: [pfSense Support] Port Forward of ESP protocol
Jörgen Haraldsson wrote:
> Yes that's correct. The port 500 is because pfsense wants a portnr. I have used 50 too but it's just a protocolnr not a portnr that ipsec uses.

Whenever you select ESP as protocol, the port boxes are all grayed out. The only way the port boxes are available is if you're using TCP, UDP, or TCP/UDP as the protocol. This works as it should, just select the proper protocol.
[pfSense Support] Port Forward of ESP protocol
Hi

I am setting up a vpn server with ipsec behind a pfsense firewall. But I ran into trouble when I was making a port forward of the esp protocol. When I select esp as protocol, pfsense asks me to fill in source port and destination port too. But if I fill in a port I only get errors in the log and the rule is ignored.

Is this a bug or am I doing something wrong?

The error I get in the log:

php: : There were error(s) loading the rules:
/tmp/rules.debug:42: dst port only applies to tcp/udp
/tmp/rules.debug:42: rpool port only applies to tcp/udp
/tmp/rules.debug:42: skipping rule due to errors
/tmp/rules.debug:42: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded

Best regards
Re: [pfSense Support] Port Forward of ESP protocol
Can you show me what line 42 of /tmp/rules.debug says? Also, can you show me what the summary rule of the port forward screen looks like?

Scott

On 10/3/05, Jörgen Haraldsson [EMAIL PROTECTED] wrote:
> Hi
>
> I am setting up a vpn server with ipsec behind a pfsense firewall. But I ran into trouble when I was making a port forward of the esp protocol. When I select esp as protocol, pfsense asks me to fill in source port and destination port too. But if I fill in a port I only get errors in the log and the rule is ignored.
>
> Is this a bug or am I doing something wrong?
>
> The error I get in the log:
>
> php: : There were error(s) loading the rules:
> /tmp/rules.debug:42: dst port only applies to tcp/udp
> /tmp/rules.debug:42: rpool port only applies to tcp/udp
> /tmp/rules.debug:42: skipping rule due to errors
> /tmp/rules.debug:42: rule expands to no valid combination
> pfctl: Syntax error in config file: pf rules not loaded
>
> Best regards