 From:  "Brian" <mono at ricerage dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] forwarding an entire protocol
 Date:  Fri, 2 Apr 2004 08:28:43 -0500 (EST)
>> -----Original Message-----
>> From: Charles Toepoel [mailto:monowall at toepoel dot net]
>> Sent: Thursday 1 April 2004 20:30
>> To: m0n0wall at lists dot m0n0 dot ch
>> Subject: [m0n0wall] forwarding an entire protocol
>>
>> How can I forward an entire protocol (like IPSEC) in order for me to let
>> another server handle the VPN connections?
>>
>> greetz,
>> Charles
> Normally you should find out which TCP/UDP ports are used AND which other IP
> protocols (such as GRE for PPTP) are used and forward them. I know this is
> not always possible just like that; the details I leave to someone else to
> explain, as I'm just a newbie :)

Well, you're probably already aware of this, but I'll rehash it anyway:

To forward IPSec you'd need to pass UDP port 500, AH (Protocol 51), and
ESP (Protocol 50) to the internal machine. I suspect your *actual*
question was on HOW to pass the AH and ESP protocols. To that I have no
answer; it appears the GUI only allows you to specify TCP or UDP in NAT
rules. Perhaps this functionality will be included in a later revision...


> Joachim
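An added example, not part of the original thread: a small IPv4 header classifier showing why a NAT rule that can only name TCP or UDP ports can select the IKE traffic on UDP port 500 but not ESP (protocol 50) or AH (protocol 51), which carry no port field. The function names, the sample addresses and the packets are constructed for illustration.

```python
import socket
import struct

# Values named in the message above: UDP port 500, ESP = protocol 50, AH = protocol 51.
IPSEC_PROTOS = {50: "ESP", 51: "AH"}
PORT_PROTOS = {6: "TCP", 17: "UDP"}
IKE_PORT = 500

def ipv4(proto, payload, src="198.51.100.7", dst="203.0.113.1"):
    """Build a minimal IPv4 packet (constructed sample; checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def classify(packet):
    """Return (protocol_name, dst_port or None) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto in PORT_PROTOS:
        # Ports live in the first 4 bytes of the TCP/UDP header, which only
        # the first fragment carries.
        if frag_offset == 0 and len(packet) >= ihl + 4:
            return PORT_PROTOS[proto], struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        return PORT_PROTOS[proto], None
    # ESP and AH sit directly on IP and have no port field at all.
    return IPSEC_PROTOS.get(proto, "proto-%d" % proto), None

def is_ipsec(packet):
    """True for the three kinds of traffic the message lists."""
    name, port = classify(packet)
    return name in ("ESP", "AH") or (name == "UDP" and port == IKE_PORT)

def port_rule_can_match(packet):
    """True if a NAT rule limited to TCP/UDP ports could select this packet."""
    return classify(packet)[1] is not None

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "ike": ipv4(17, struct.pack("!HHHH", 500, 500, 8 + 28, 0) + b"\x00" * 28),
    "esp": ipv4(50, struct.pack("!II", 0x1000, 1) + b"\x00" * 16),
    "ah": ipv4(51, struct.pack("!BBHII", 50, 4, 0, 0x2000, 1) + b"\x00" * 12),
    "dns": ipv4(17, struct.pack("!HHHH", 40000, 53, 8, 0)),
}

def report():
    """Map each sample to (is IPsec traffic, selectable by a port-only rule)."""
    return {k: (is_ipsec(p), port_rule_can_match(p)) for k, p in SAMPLES.items()}
```
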