Hmmm... Both firewalls (the one on my side and the one at the VPN host site) , use IPCHAINS. It seems that I can allow the protocol 57 traffic through my firewall on the client side, but when I try below on the VPN host side:
ipmasqadm portfw -a -P 57 -L $IPADDR -R 10.2.0.2 I get a 'portfw: invalid protocol specified' ..... Is there a different way to do this? Please don't tell me I need to upgrade kernels to 2.4.x now.... :) Thanks, Chad "Jeremy T. Bouse" wrote: > > Chad, > > Depending on whether you're using ipchains or iptables you should > be able to do a the same as you do for specifing a TCP, UDP or ICMP protocol > rule and do an ACCEPT rule for the SKIP (57) protocol... For instance I > believe in iptables it' something like: > > iptables -A <chain> -p 57 -j ACCEPT > > Or something along that lines... I do a similar thing for protos > 50 (ESP) and 51 (AH) for IPSec traffic... > > Respectfully, > Jeremy T. Bouse > > Chad Thompson was said to been seen saying: > > Hello, > > > > I have a client who has a Novell Border Manager server behind a Debian > > firewall I built. Everything is fine but we need to get her VPN > > client/server to function. This function requires IP Protocol ID 57 to > > be forwarded. Does anyone know of any kernel patches I could apply in > > order to accomplish this? > > > > Thanks in advance for any help. > > > > Chad > > > > . . . ............... > > Chad A. Thompson > > Network Administrator > > Macristy Industries > > [EMAIL PROTECTED] > > 860.225.4637 > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- > ,-----------------------------------------------------------------------------, > |Jeremy T. Bouse, CCNA - UnderGrid Network Services, LLC - www.UnderGrid.net > | > | Public PGP/GPG key available through http://wwwkeys.us.pgp.net > | > | If received unsigned (without requesting as such) DO NOT trust it! > | > | [EMAIL PROTECTED] - NIC Whois: JB5713 - [EMAIL PROTECTED] | > `-----------------------------------------------------------------------------'
