
BLU Discuss list archive



Port forwarding revisited



On Tue, 28 Aug 2001, Ron Peterson wrote:

>On Tue, 28 Aug 2001, Bill Horne wrote:
>
>> Thanks to all who responded to my first email. I appreciate the help.
>>
>> First, I'm in the process of upgrading to 2.2.19 (thanks, ccb).
>>
>> I'm sorry that I wasn't more clear, so here's a (hopefully) better
>> explanation.
>>
>> I'm using a RH 6.2 machine as a NAT box in between my cable modem and my
>> internal network. The usual services (POP, SMTP, HTTP) work fine.
>>
>> However, I also have a VPN client on one of my internal machines (call
>> it Omega for illustration), in order to access Verizon's network from
>> home. This client works OK when Omega is connected directly to the cable
>> modem, but can't originate a connection when the Linux box is doing
>> masquerading.
>>
>> The SME for this software says that I need to install IPSec passthrough,
>> and *that* is what I need the help with. I hope that I've explained it
>> better this time.
>
>Oooh.  This stuff gets hairy.  For starters, VPN starts using protocols
>you never heard of.  You need to allow UDP port 500.  And protocol type
>(not port) 50 and 51.  How you do this with Linux NAT, I'm not sure.

http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

details how to set up your Linux-based NAT device to deal with IPSec
passthrough in some cases.  I think yours is one of them.

HTH,

-- 
mwl+blu at alumni.unh.edu                 
Holder of Past Knowledge           CS, O-
Put your wasted CPU cycles to use: http://www.distributed.net/
"It is surely harmful to souls to make it a heresy to believe
 what is proved."  Galileo Galilei






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org