[svlug] Opening up ipchains for ipsec

Larry Colen lrclug at red4est.com
Thu May 1 21:46:14 PDT 2003


Thanks.  It seems to have gotten a little further, but isn't quite
working. If the machine that I'm trying to run the vpn on is NATted
behind the firewall, should those rules be input or forward?

  Larry

On Thu, May 01, 2003 at 12:52:20PM -0700, Breen Mullins wrote:
> On Thu, 2003-05-01 at 12:06, Larry Colen wrote:
> > The company I work at has the policy that employees can only access
> > the network from offsite via company owned (read windows) hardware
> > running the company vpn software (symantec/defender).
> > 
> > It seems as if red4est is not allowing the packets through that it
> > needs on ports 50 and 51. I'm not very well versed with ipchains and a
> > quick rotfm isn't very illuminating.
> > 
> 
> Errm -- if this is an IPSec VPN, those aren't ports but protocols.
> 
> Try a rule like this:
> 
> -A input -s 0/0 -d 0/0 -p 50  -j ACCEPT
> -A input -s 0/0 -d 0/0 -p 51  -j ACCEPT
> 
> You'll probably also need a rule to allow 500/tcp for IKE to work:
> 
> -A input -s 0/0 -d 0/0 500 -p udp -j ACCEPT
> 
> 
> Breen
> -- 
> Breen Mullins
> San Mateo, California
> 
> 
> 

-- 
I've found something worse than oldies station that play the music I used to
listen to. Oldies stations that play the "new" music I used to complain about.
lrc at red4est.com                                    http://www.red4est.com/lrc
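On the input-or-forward question: in ipchains (Linux 2.2) a packet that is routed through the firewall is checked by the input chain when it arrives, then by the forward chain, then by the output chain as it leaves; only packets addressed to the firewall itself stop at input. A client behind the firewall therefore needs the IPsec rules in all three chains. The script below is an added example, not code from this thread or from either poster; it generates the rules (dry run by default, APPLY=1 executes them). The LAN address 192.168.1.0/24 and the gateway address 0/0 (any) are assumptions, not details from the thread. Protocol numbers are the IANA assignments (50 = ESP, 51 = AH); IKE is UDP port 500.

```shell
#!/bin/sh
# Added example, not from the thread. Emits ipchains rules that let an
# IPsec client on the LAN reach a remote VPN gateway through this box.
# Assumed (not in the thread): LAN 192.168.1.0/24, VPN gateway 0/0 (any);
# override with LAN=... VPN_GW=...  Set VPN_GW to the real gateway address
# so the firewall does not accept ESP/AH/IKE from the whole Internet.

IPCHAINS="${IPCHAINS:-ipchains}"
LAN="${LAN:-192.168.1.0/24}"
VPN_GW="${VPN_GW:-0/0}"

# Emit one rule. Dry run (default) prints the command; APPLY=1 executes it.
rule() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$IPCHAINS" "$@"
    else
        echo "$IPCHAINS $*"
    fi
}

# A routed packet traverses input, forward and output in turn, so the
# same matches go into all three chains.
ipsec_rules() {
    for chain in input forward output; do
        # ESP (50) and AH (51) carry no port numbers; protocol and
        # addresses are the only things ipchains can match on.
        for proto in 50 51; do
            rule -A "$chain" -p "$proto" -s "$LAN" -d "$VPN_GW" -j ACCEPT
            rule -A "$chain" -p "$proto" -s "$VPN_GW" -d "$LAN" -j ACCEPT
        done
        # IKE: UDP, port 500 on the gateway side. ipchains writes the port
        # after the address it belongs to. No -y here: that flag matches
        # TCP SYN packets only and means nothing for UDP.
        rule -A "$chain" -p udp -s "$LAN" -d "$VPN_GW" 500 -j ACCEPT
        rule -A "$chain" -p udp -s "$VPN_GW" 500 -d "$LAN" -j ACCEPT
    done
}

ipsec_rules
```

These rules assume the LAN is routed, not masqueraded. If the client sits behind `-j MASQ`, the output chain sees the firewall's own address as the source, and stock 2.2 masquerading only rewrites TCP, UDP and ICMP, so ESP and AH packets are never translated at all; AH in particular cannot survive any NAT, since it authenticates the IP header including the source address.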



