Greg:
Good post. Quick comment:
> Would some of you more experienced network admins review my description
> of the problem and comment? I believe the answer is forwarding
> protocols like ipsec through masquerading are not possible without a
> tool like ipfwd.
I agree that ipfwd is the answer -- the standard forwarding
tools (ipmasqadm's portfw and autofw) only handle TCP and UDP
(i.e., IP protocol 6 and 17 respectively). To handle other IP protocols,
such as GRE (47, used by PPTP) or AH/ESP (50 and 51, used by
IPSec), another tool is required. Fortunately, ipfwd comes standard
on ES2B, and most of the other current LRP/LEAF distros.
Also, importantly, ipfwd just gets the packets from the
*outside in*. To get them from the inside out, it requires that
ipmasquerade'ing be VPN-aware. Specifically, this means having
a kernel compiled for VPN support, and having the associated
ipmasq modules loaded. Skipping this step will cause the VPN
connection to fail silently.
-Scott
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user