natd firewall settings for vpn

Jim Freeze jim at freeze.org
Thu Jun 17 22:10:26 PDT 2004


Hi

I am trying to configure my firewall to allow packets through
for a VPN connection. I am running FBSD 5.2 as my router and am trying
to connect my laptop from behind the router to our work computer.

The laptop is running OSX 10.3.4 with a Nortel Networks client
made by Apani.

The VPN connection works when the laptop is connected directly
to my DSL modem or when behind the gateway when I set the 
firewall type to 'open'.

Support at Apani says that I need to open port 500 and 
allow protocols 50 and 51 (whatever that means).

I found the firewall settings below from the archive and have
implemented them before the divert statement (after also)
but with no luck.
 
 # Allow IPSec clients to run behind firewall
 # --- ISAKMP - allow key exchange over UDP 500
 ${fwcmd} add pass udp from ${inet}:${imask} to any 500 in recv ${iif}
 ${fwcmd} add pass udp from ${oip} to any 500 out xmit ${oif}
 ${fwcmd} add pass udp from any 500 to ${inet}:${imask} in recv ${oif}
 ${fwcmd} add pass udp from any 500 to ${inet}:${imask} out xmit ${iif}
 # --- ESP - allow protocol 50 (ESP) for everyone ;-)
 ${fwcmd} add pass esp from any to any
 
Does anyone have a firewall with a working Nortel client behind it?
I would greatly appreciate any help.

Thanks
-- 
Jim Freeze
There was a young poet named Dan,
Whose poetry never would scan.
	When told this was so,
	He said, "Yes, I know.
It's because I try to put every possible syllable into that last line that I can."
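As an added check (not part of the original post), the following Python script parses the poster's rule set, with the ${...} shell variables replaced by constructed sample addresses and interface names, and compares it against what the vendor asked for: UDP 500 in both directions, protocol 50 (esp) and protocol 51 (ah). The `ipfw` protocol keywords and the simplified rule grammar are the only things assumed; run on the rules above it reports that no rule passes AH.

```python
"""Check an ipfw 'pass' rule list for IPsec passthrough coverage.

Constructed example. Addresses and interface names below are made up;
the rule shapes mirror the ones quoted in the post."""
import re

# The poster's rules with ${inet}:${imask}, ${oip}, ${iif}, ${oif} substituted
# by constructed sample values (192.168.1.0/24, 203.0.113.5, fxp1, fxp0).
SAMPLE_RULES = """
# --- ISAKMP - allow key exchange over UDP 500
add pass udp from 192.168.1.0/24 to any 500 in recv fxp1
add pass udp from 203.0.113.5 to any 500 out xmit fxp0
add pass udp from any 500 to 192.168.1.0/24 in recv fxp0
add pass udp from any 500 to 192.168.1.0/24 out xmit fxp1
# --- ESP - allow protocol 50 (ESP) for everyone
add pass esp from any to any
"""

# Simplified ipfw grammar: add pass <proto> from <src> [port] to <dst> [port] [in|out ...]
RULE_RE = re.compile(
    r"add\s+pass\s+(?P<proto>\w+)\s+from\s+(?P<src>\S+)(?:\s+(?P<sport>\d+))?"
    r"\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>\d+))?(?P<rest>.*)")

def parse_rules(text):
    """Return one dict per 'add pass' rule; comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append(m.groupdict())
    return rules

# What the vendor asked for: IKE on UDP/500 both ways, ESP (50) and AH (51).
REQUIRED = [("udp", "500", "in"), ("udp", "500", "out"),
            ("esp", None, None), ("ah", None, None)]

def covers(rule, proto, port, direction):
    """True if this rule passes the given protocol/port in the given direction."""
    if rule["proto"] not in (proto, "ip", "all"):
        return False
    if port is not None and port not in (rule["sport"], rule["dport"]):
        return False
    rest = rule["rest"].split()
    # A rule naming neither 'in' nor 'out' applies in both directions.
    if direction and ("in" in rest or "out" in rest) and direction not in rest:
        return False
    return True

def missing(text):
    """Return the REQUIRED entries that no rule in `text` satisfies."""
    rules = parse_rules(text)
    return [req for req in REQUIRED if not any(covers(r, *req) for r in rules)]
```

Appending `add pass ah from any to any` to the rule text makes `missing()` return an empty list; NAT for ESP itself is a separate matter that natd handles, not the filter rules.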
