Mailinglist Archive: opensuse-security (375 mails)
Re: [suse-security] how to enable ipsec over firewall?
- From: Martin Köhling <mk@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 17 Sep 2002 12:29:02 +0200 (CEST)
- Message-id: <Pine.LNX.4.33.0209171217330.22078-100000@xxxxxxxxxxxxxxxxxx>
Hi!
On Tue, 17 Sep 2002, GentooRulez wrote:
> >>As far as I understand, Ip Port 50 and UDP 500 play a special role
> >>
> >> Exactly - the communication goes up on port 50 with protocol 50 using
> >> udp.
> >
> >???
> >
> >Ipsec uses *IP protocol* number 50 (IPv6-Crypt, look at /etc/protocols)
> >for data exchange, and *UDP port* number 500 (isakmp -> /etc/services)
> >for key exchange.
> >
> >Please don't complicate matters further by confusing ports and
> >protocols...
>
> Just my typo. But with the complete compliance via the word "exactly"
> everybody should see it as what it is : just a typo :O)
No offense meant. (Typos happen - I had my share of them, too:-)).
However: both the original sentence:
> >>>>As far as I understand, Ip Port 50 and UDP 500 play a special role
and your answer:
> >> Exactly - the communication goes up on port 50 with protocol 50 using
> >> udp.
are a little off the mark.
There is no "IP port 50" (the protocols UDP and TCP do have ports, IP in
itself doesn't); and "protocol 50 using UDP" doesn't make much sense either
(UDP is protocol 17).
I just wanted to clarify things (a little).
Precision *is* important when fiddling with firewall rules... :-)
Cheers,
Martin
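
The distinction drawn in this message, as an added example that is not part of the original post: a small classifier that reads the IPv4 protocol field first and only looks for ports when the protocol is UDP. The function names and the sample packets (built inline with documentation addresses from 192.0.2.0/24) are constructed for illustration.

```python
import struct

PROTO_UDP = 17   # udp in /etc/protocols
PROTO_ESP = 50   # IP protocol 50, the IPsec data exchange
IKE_PORT = 500   # isakmp in /etc/services, the IPsec key exchange


def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet the way a firewall rule has to match it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl + 8:
        return "malformed"
    proto = packet[9]                     # the IP protocol number, not a port
    payload = packet[ihl:]
    if proto == PROTO_ESP:
        # Protocol 50 starts with SPI and sequence number; it has no port fields.
        spi, _seq = struct.unpack("!II", payload[:8])
        return f"esp spi=0x{spi:08x}"
    if proto == PROTO_UDP:
        # Ports exist only inside the UDP (or TCP) header.
        sport, dport = struct.unpack("!HH", payload[:4])
        if IKE_PORT in (sport, dport):
            return "ike"
        return f"udp dport={dport}"
    return f"other proto={proto}"


def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload


# Constructed samples: IPsec data, IPsec key exchange, and the "port 50" mix-up.
ESP_PKT = ipv4(PROTO_ESP, struct.pack("!II", 0x1000, 1) + bytes(16))
IKE_PKT = ipv4(PROTO_UDP, struct.pack("!HHHH", 500, 500, 36, 0) + bytes(28))
UDP50_PKT = ipv4(PROTO_UDP, struct.pack("!HHHH", 40000, 50, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("esp", ESP_PKT), ("ike", IKE_PKT), ("udp/50", UDP50_PKT)):
        print(name, "->", classify(pkt))
```

A rule that opens UDP port 50 would match only the third sample, which is ordinary UDP traffic and not IPsec.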