Re: [pmfirewall] ===>>> Please help with this configuration


From: Johannes B. Ullrich (euclidian@euclidian.com)
Date: Wed Apr 12 2000 - 13:43:41 PDT


You need to apply the IPSEC patch to your kernel.
Search freshmeat.net for 'VPN' for solutions.

jullrich@euclidian.com - http://www.cablemodemhelp.com

---
HomePC.org dynamic DNS service 
   - a vanity hostname for your HomePC for only $10/year.
...ask about e-mail forwarding, domain parking and more...

On Wed, 12 Apr 2000 naji@home.com_stop_spam.com wrote:

> I am using a tunneling software to access my company's intranet from my
> home's network. I am running ipchains configured with pmfirewall (1.1.2) and
> all access will take place from an NT machine on my home's network.
>
> Specifically, assume that
> -The NT machine is (right now) at IP 198.162.1.2
> -The server running linux has two nics: eth1 is at say 111.111.111.111
> and eth1 at 192.168.1.1.
> -The NT machine gets its IP via dhcpd on the 198.162.1 segment and
> finally,
> -The gateway to my company's intranet is at fixed IP address, say
> 555.555.555.555
>
> The tunneling software needs:
> 1. port UDP 500 not be redirected
> 2. IPSEC Type 50 and 51 not be filtered. Note that IPSEC Type 50 and 51
> are also known as AAgent ESP
> (at least that's what I have been told)
>
> Given the above details, I suspect I need to add to pmfirewall.
>
> $IPCHAINS -A input -s 555.555.555.555 -d $OUTERNET 500 -j ACCEPT
> to allow the 555.555.555.555 machine to talk to my network, but
>
> 1. how do I make sure that the packets are not redirected, and
> 2. how do I configure pmfirewall to all those IPSEC ports without filtering
> them?
>
> Thanks for any help you may have on this.
>
> Naji.
>
> ****************************************************************************
> * To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
> * in the message body to majordomo@pointman.org. Please direct other
> * questions, comments, or problems to pmfirewall-owner@pointman.org.




This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:34:28 PDT