Re: [Nolug] iptables and Netlock Contivity

From: -ray <ray_at_ops.selu.edu>
Date: Thu, 15 Jul 2004 09:59:41 -0500 (CDT)
Message-ID: <Pine.LNX.4.44.0407150956100.14170-100000@romulus.csd.selu.edu>

On Thu, 15 Jul 2004, krunk wrote:

> Anyone here using a Netlock Contivity VPN client behind an iptables
> firewall? I can get connected by opening up port 500, but after that I
> can't access the web, or the internal net.

Contivity, isn't that a Nortel product? If it is IPSEC you will have to
allow *protocol* (not port number) 50 and 51, as well as UDP port 500.

$IPT -A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
$IPT -A FORWARD -p 50 -j ACCEPT
$IPT -A FORWARD -p 51 -j ACCEPT

Also if your client or firewall is behind NAT, you will have problems with
IPSEC.

ray

___________________
Nolug mailing list
nolug@nolug.org
Received on 07/15/04
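
Added example, not part of ray's message or the original thread: a shell check for the protocol-versus-port distinction made above. It reads rules in `iptables-save` / `iptables -S` form and reports whether the FORWARD chain accepts IKE (UDP 500), ESP (protocol 50) and AH (protocol 51). The function names and sample rulesets are constructed for illustration, and the check assumes a simple ruleset: it ignores rule order, earlier DROP rules and address or interface matches.

```shell
#!/bin/sh
# Added example: report which IPsec traffic a FORWARD ruleset accepts.
# Input: rules in iptables-save / iptables -S format on stdin.
# Output: one line per requirement, ending in "ok" or "MISSING".
ipsec_forward_check() {
    awk '
    # Only rules appended to FORWARD with an ACCEPT target are considered.
    $1 == "-A" && $2 == "FORWARD" {
        proto = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            else if ($i == "-j" || $i == "--jump") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        # A protocol may be written by name or by IP protocol number.
        if (proto == "50" || proto == "esp") esp = 1
        if (proto == "51" || proto == "ah") ah = 1
        if ((proto == "udp" || proto == "17") && dport == "500") ike = 1
    }
    END {
        print "ike-udp-500 " (ike ? "ok" : "MISSING")
        print "esp-proto-50 " (esp ? "ok" : "MISSING")
        print "ah-proto-51 " (ah ? "ok" : "MISSING")
    }'
}

# Constructed sample: TCP/UDP *ports* 50 and 51 opened instead of protocols.
sample_port_mistake() {
    cat <<'EOF'
-A FORWARD -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 50 -j ACCEPT
-A FORWARD -p udp -m udp --dport 51 -j ACCEPT
EOF
}

# Constructed sample: the three rules from the message, protocols by number.
sample_from_message() {
    cat <<'EOF'
-A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
-A FORWARD -p 50 -j ACCEPT
-A FORWARD -p 51 -j ACCEPT
EOF
}

sample_port_mistake | ipsec_forward_check
```

On a live firewall the same function can be fed with `iptables -S FORWARD | ipsec_forward_check`.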
