[ale] Dumb Question wrt ATT & IPSec

Geoffrey esoteric at 3times25.net
Tue Jan 15 22:31:14 EST 2002


Joseph A Knapka wrote:


> I have a friend who runs the Cisco VPN client on his NT4
> box behind a Linux NAT firewall. He claims all that's
> necessary is to "allow port 50 through the firewall,"
> though he didn't say if it is for incoming or outgoing
> connections - I assume outgoing only, since incoming
> connections would require port forwarding, and he
> didn't mention that. Anyway, I haven't tried it yet, but
> maybe it's worth a shot.


Talking ipchains here, I don't know about iptables.

It takes more than port 50.  If you're masquerading you need the ipsec
masq module.

With or without masq, you need to deal with two ports, 50 and 500.

There's a very good bit of docs on vpns and chains and all that fun
stuff.  At one time I was successfully masq'ing both ipsec and pptp
packets through my two-machine firewall.  It was a bit fun getting it to
go. :)


> 
> Cheers,
> 
> -- Joe
> 
> 
>>-Robert
>>
>>Chris Farris wrote:
>>
>>
>>>Does anyone know if AT&T Broadband filters IPSEC traffic? I can do the
>>>key exchange fine, but I can't pass packets along the tunnel. My config
>>>works when I test it elsewhere.....
>>>
>>>Anyone got an IPSEC VPN working on AT&T Broadband? PPTP?
>>>
>>>Chris
>>>
>>>PS. Your humble list admin is again subscribed to the list. I suppose if
>>>you all generate enough traffic you might persuade him to finally set up
>>>ale-digest like he has been meaning to do for three years now.
>>>
>>>
>>>
>>>---
>>>This message has been sent through the ALE general discussion list.
>>>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
>>>sent to listmaster at ale dot org.
>>>
>>>
>>>
>>
> 


-- 
Until later: Geoffrey		esoteric at 3times25.net

"...the system (Microsoft passport) carries significant risks to users that
are not made adequately clear in the technical documentation available."
- David P. Kormann and Aviel D. Rubin, AT&T Labs - Research
- http://www.avirubin.com/passport.html
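
The symptom in this thread (key exchange completes, nothing passes along the tunnel) can be checked from a capture on the firewall's external interface. The sketch below is an added example, not code from any poster: it labels raw IPv4 packets as IKE (UDP port 500), ESP (IP protocol number 50) or AH (IP protocol number 51) and reports which leg is missing. The function names, verdict strings and sample addresses (RFC 5737 documentation ranges) are assumptions, and the packets are constructed.

```python
import struct
from collections import Counter

ESP, AH, UDP, IKE_PORT = 50, 51, 17, 500

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (no options, checksum left zero)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def classify(pkt):
    """Label one raw IPv4 packet as 'ike', 'esp', 'ah' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto in (ESP, AH):
        return "esp" if proto == ESP else "ah"
    if proto == UDP and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if IKE_PORT in (sport, dport):
            return "ike"
    return "other"

def diagnose(capture, local_ip):
    """Summarise which IPsec legs appear in a capture, per direction."""
    seen = Counter()
    for pkt in capture:
        kind = classify(pkt)
        if kind != "other":
            src = ".".join(str(b) for b in pkt[12:16])
            seen[kind, "out" if src == local_ip else "in"] += 1
    if not (seen["ike", "out"] and seen["ike", "in"]):
        return "ike-incomplete"       # key exchange itself is not two-way
    if not seen["esp", "out"]:
        return "esp-not-leaving"      # local firewall/masq drops protocol 50
    if not seen["esp", "in"]:
        return "esp-blocked-inbound"  # replies lost upstream or at the NAT
    return "tunnel-passing"

# Constructed sample: IKE completes both ways, ESP only ever leaves.
LOCAL, PEER = "192.0.2.10", "198.51.100.7"
ike = struct.pack("!HHHH", 500, 500, 8, 0)
SAMPLE = [ipv4(LOCAL, PEER, UDP, ike), ipv4(PEER, LOCAL, UDP, ike),
          ipv4(LOCAL, PEER, ESP, b"\x00" * 8), ipv4(LOCAL, PEER, ESP, b"\x00" * 8)]

if __name__ == "__main__":
    print(diagnose(SAMPLE, LOCAL))
```

A verdict of `esp-blocked-inbound` says only that no protocol 50 traffic came back; the capture alone does not show whether the ISP, the remote gateway or the local NAT dropped it.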

