Koozali.org: home of the SME Server

Andrew

Allowing specific protocol
« on: October 02, 2001, 04:41:12 PM »
Hi all,

I need to allow protocol ID 57. This is used for Novell's BorderManager VPN Client, which is installed on my laptop on the internal network. How can I allow this protocol, and where do I place the line in ipchains?

Thank you in advance.

Andrew.

Graeme Robinson

Re: Allowing specific protocol
« Reply #1 on: October 03, 2001, 03:03:27 AM »
Andrew,
"protocol ID 57" isn't very informative. Does it equate to a TCP port? If so you can use the ipportfwd contrib to pass packets directed to the appropriate port to your machine on the local network. Do a search in this phorum's archives for port forwarding.

andrew

Re: Allowing specific protocol
« Reply #2 on: October 03, 2001, 04:16:53 AM »
Hi Graeme,

Thanks for the reply; however, that's not what I was looking for. Protocol ID 57 is not a TCP port, but rather a protocol definition of TCP, similar to protocol ID 50 used in IPSEC or protocol ID 47 used in PPTP.

Port forwarding will not work as I'm not trying to forward a specific port. As I mentioned in my first request, this is for the internal client to access the VPN server which is located in the outside world.

Again thanks for the reply.

Andrew

Graeme Robinson

Re: Allowing specific protocol
« Reply #3 on: October 03, 2001, 12:40:36 PM »
But this protocol must tunnel over TCP/IP or you couldn't get a remote connection via the internet working, and if it uses TCP/IP transport then there should be nothing to configure on the e-smith server, as it transparently masq's all TCP/IP requests from internal clients, i.e. all outbound requests are met unless you have set up blocking rules.

You give VPN as an example of an analogous protocol. Nothing on the e-smith server needs to be configured to get VPN working using the PPTP win9x client from a win9x box on an internal e-smith network to connect to a remote VPN - you just configure the client and the TCP packets are passed over IP without the e-smith server needing to know what they contain.

Sorry if I seem a bit verbose - unfortunately that usually indicates a lack of clear thinking on my part :-( Do you follow my reasoning? Of course I know nothing about the protocol to which you are referring, but conceptually it seems it can only behave this way.

Andrew

Re: Allowing specific protocol
« Reply #4 on: October 03, 2001, 02:48:24 PM »
Hi Graeme,

Now I should advise that I do not have advanced knowledge of TCP/IP but after a little research here goes.

What is a TCP/IP Protocol ID? Protocol ID: indicates the next level protocol used in the data portion of the Internet datagram.

Now about e-smith: well, if you take PPTP for example, you will find that the ipchains have the appropriate lines added to allow for incoming GRE (protocol 47) as well as the TCP port required. If you check your ipchains table, you will see a couple of refs to IPSEC & GRE. These are the protocols allowed back into the network.

Perhaps somebody out there might comment on this further.

But back to my problem: does anybody know how I can allow protocol ID 57 for incoming traffic?

Thank you.
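The point the thread circles around is the difference between a TCP/UDP port and the IP header's protocol field, which is why a port-forwarding contrib cannot help with protocol 57 (the number IANA assigns to SKIP). The following example is added here and is not code from the thread or from e-smith: it builds three hand-constructed IPv4 packets (a PPTP control packet on TCP port 1723, a GRE packet and a protocol-57 packet), reads the protocol byte the way a packet filter does, shows which of them even have ports to match on, and emits the ipchains lines that would pass one IP protocol between a LAN host and one outside VPN server. The addresses, the interface name `eth1` and the VPN server address are placeholders, not values from the thread.

```python
"""Added example (not from the thread): what an IP 'protocol ID' is and
why a port-based (ipportfwd-style) rule cannot match one.

All packets below are constructed by hand; addresses and the interface
name are placeholders (assumptions), not the poster's real network.
"""
import struct

# IANA protocol numbers mentioned in the thread plus a few neighbours.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH", 57: "SKIP"}

# Stock Linux 2.2 masquerading only rewrites these three protocols;
# anything else needs a protocol-specific masq module (ESP and GRE had
# the VPN masquerade patch; SKIP has no port field to track at all).
STOCK_MASQ_PROTOS = {1, 6, 17}


def parse_ipv4(packet: bytes) -> dict:
    """Return the IPv4 header fields a filter decision needs.

    Byte 9 of the header is the 'protocol' field (RFC 791): the next-level
    protocol carried in the payload. Only TCP and UDP payloads begin with
    port numbers, so 'ports' is None for every other protocol.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20]
    )
    if version_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (version_ihl & 0x0F) * 4
    payload = packet[ihl:]
    ports = struct.unpack("!HH", payload[:4]) if proto in (6, 17) and len(payload) >= 4 else None
    return {
        "proto": proto,
        "name": PROTO_NAMES.get(proto, str(proto)),
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "ports": ports,
    }


def port_forwardable(info: dict) -> bool:
    """A port-forwarding rule can only match a packet that carries ports."""
    return info["ports"] is not None


def needs_masq_module(proto: int) -> bool:
    """True if a stock 2.2 kernel cannot masquerade this protocol on its own."""
    return proto not in STOCK_MASQ_PROTOS


def ipchains_rules(proto: int, vpn_server: str, ext_if: str) -> list:
    """ipchains lines passing one IP protocol to/from a single outside peer.

    Match on the external interface and the peer's address, not on a port
    (there is none) and not on an inside destination: until masquerading
    undoes the translation the incoming packet is addressed to the
    e-smith box's own external address.
    """
    return [
        f"ipchains -A input -i {ext_if} -p {proto} -s {vpn_server} -j ACCEPT",
        f"ipchains -A output -i {ext_if} -p {proto} -d {vpn_server} -j ACCEPT",
    ]


def make_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left zero: fine for parsing)."""
    def ip(addr: str) -> bytes:
        return bytes(int(octet) for octet in addr.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, ip(src), ip(dst))
    return hdr + payload


# Constructed sample packets (not captured traffic), LAN host -> VPN server.
SAMPLES = {
    "pptp-control": make_ipv4(6, "192.168.1.20", "203.0.113.5",
                              struct.pack("!HH", 40000, 1723) + b"\x00" * 16),
    "gre": make_ipv4(47, "192.168.1.20", "203.0.113.5", b"\x30\x01\x88\x0b"),
    "skip": make_ipv4(57, "192.168.1.20", "203.0.113.5", b"\x00" * 8),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        info = parse_ipv4(pkt)
        print(f"{label:13s} proto {info['proto']:3d} ({info['name']}) ports={info['ports']} "
              f"port-forwardable={port_forwardable(info)} "
              f"needs-masq-module={needs_masq_module(info['proto'])}")
    for line in ipchains_rules(57, "203.0.113.5", "eth1"):
        print(line)
```

On an e-smith box the ipchains rules are regenerated from templates, so the two lines belong in whatever custom-template mechanism your e-smith version provides rather than in the generated init script, where they would be lost on the next rebuild. Note also the caveat the `needs_masq_module` check encodes: accepting protocol 57 on the external interface is only half the job for a masqueraded LAN client, because the kernel still has to translate the protocol-57 packets in both directions, and a stock 2.2 masquerading stack does not do that for anything but TCP, UDP and ICMP. Check that before assuming the accept rules alone will make the BorderManager client work.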