
List:       ipfilter
Subject:    Re: ipfilter and SecureRemote?
From:       Darren Reed <darrenr () reed ! wattle ! id ! au>
Date:       2004-09-25 18:02:57
Message-ID: 200409251802.EAA28770 () avalon ! reed ! wattle ! id ! au

In some email I received from b311b-temp1@theotherbell.com, sie wrote:
> > > My /etc/services had port 500 defined as isakmp, so I changed it
> > > to ike.  Then I got the following error:
> > >
> > > 1:ioctl(SIOCADNAT): No such file or directory
> > 
> > Your statement does not correlate or reflect the error message.
> > It is - I think - unwise to change an entry in /etc/services due
> > to standardisation.
> 
> I'll explain.  ISAKMP and IKE are both port 500.  My
> /etc/services file mapped port 500 to ISAKMP... which is why
> ipnat didn't understand the IKE port; however, if I add port 500
> (IKE) as instructed by an earlier email:
> 
>     map tlp1 192.168.2.0/24 -> 0/32 proxy port 500 ipsec/udp
>     
> ipnat says:
> 
>     ioctl(SIOCADNAT): No such file or directory
>     
> tcp, udp and a bunch of other things are defined in
> /etc/protocols, but ipsec isn't.  To the best of my knowledge,
> ipsec is a combination of protocols... so I'm not sure how ipnat
> knows how to deal with the "ipsec/udp" part.

"ipsec" is the name of the proxy to use and "udp" is the protocol
you want to use it with.  The ipf code in the kernel resolves these.
My bet is that you're using a version of IPFilter without that proxy
compiled in.

Darren