Thus spoke Scott C. Best:
>
> Just wanted to confirm that ipmasqadm portfw
> can *only* handle tcp and udp right now behind the -P
> switch. Yes?
Yes
> If so...then to confirm: IPSec (even using
> *only* tunnel-mode ESP and not AH) and PPTP must
> terminate on a masq'ing firewall router right now.
> Or, is there some other way to forward IP protocols
> 47, 50 and 51.
>
ipfwd can do this -- check out the VPN Masquerade site at
www.ipsec.org/linux/masquerade/ip_masq_vpn.html. One restriction is that
you can't masquerade AH (protocol 51) because it uses a checksum that is
generated before encryption and that includes the IP header (this is also
discussed at the above site).
-Tom
--
Tom Eastep \ Alt Email: [EMAIL PROTECTED]
ICQ #60745924 \ Websites: http://seawall.sourceforge.net
[EMAIL PROTECTED] \ http://seattlefirewall.dyndns.org
Shoreline, Washington USA \ http://shorewall.sourceforge.net
\_________________________________________
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
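
Added example, not part of the original message or of any project mentioned in it: a simplified Python model of the restriction described in the reply, showing that an AH-style integrity value scoped over the IP header fails once a masquerading router rewrites the source address, while an ESP-style value scoped over the ESP data alone does not. The key, addresses, SPI and payload are constructed sample values, and the header layout is reduced to what the comparison needs.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed sample key shared by both peers

def ipv4_header(src, dst, proto, ttl=64):
    """20-byte IPv4 header; length and checksum left 0, they do not matter here."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def icv(hdr, body):
    """Integrity check value as the given protocol scopes it (HMAC-SHA1-96)."""
    proto = hdr[9]
    if proto == 51:  # AH: IP header with mutable fields zeroed, plus body
        h = bytearray(hdr)
        h[1] = 0                  # TOS
        h[6:8] = b"\x00\x00"      # flags + fragment offset
        h[8] = 0                  # TTL
        h[10:12] = b"\x00\x00"    # header checksum
        data = bytes(h) + body
    elif proto == 50:  # ESP: SPI, sequence number and payload only
        data = body
    else:
        raise ValueError("only protocols 50 (ESP) and 51 (AH) are modelled")
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def route(hdr, new_src=None):
    """Router hop: decrement TTL; with new_src set, also masquerade the source."""
    h = bytearray(hdr)
    h[8] -= 1
    if new_src:
        h[12:16] = ipaddress.IPv4Address(new_src).packed
    return bytes(h)

def check_after(proto, new_src=None):
    """True if the receiver's ICV check passes after one hop."""
    body = struct.pack("!II", 0x1000, 1) + b"constructed payload"
    sent = ipv4_header("192.168.1.10", "203.0.113.20", proto)
    tag = icv(sent, body)                      # computed by the sender
    received = route(sent, new_src)
    return hmac.compare_digest(tag, icv(received, body))  # recomputed by receiver

if __name__ == "__main__":
    for proto, name in ((51, "AH"), (50, "ESP")):
        print(name, "plain hop:", check_after(proto),
              "masqueraded:", check_after(proto, "198.51.100.1"))
```

An ordinary hop that only decrements the TTL passes in both cases, because AH zeroes that field before computing the value; only the address rewrite breaks it.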