Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] how to enable ipsec over firewall?
  • From: Martin Köhling <mk@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 17 Sep 2002 12:29:02 +0200 (CEST)
  • Message-id: <Pine.LNX.4.33.0209171217330.22078-100000@xxxxxxxxxxxxxxxxxx>
Hi!
On Tue, 17 Sep 2002, GentooRulez wrote:

> >>As far as I understand, Ip Port 50 and UDP 500 play a special role
> >>
> >> Exactly - the communication goes up on port 50 with protocol 50 using
> >> udp.
> >
> >???
> >
> >Ipsec uses *IP protocol* number 50 (IPv6-Crypt, look at /etc/protocols)
> >for data exchange, and *UDP port* number 500 (isakmp -> /etc/services)
> >for key exchange.
> >
> >Please don't complicate matters further by confusing ports and
> >protocols...
>
> Just my typo. But with the complete compliance via the word "exactly"
> everybody should see it as what it is: just a typo :O)

No offense meant. (Typos happen - I had my share of them, too:-)).

However: both the original sentence:

> >>>>As far as I understand, Ip Port 50 and UDP 500 play a special role

and your answer:

> >> Exactly - the communication goes up on port 50 with protocol 50 using
> >> udp.

are a little off the mark.

There is no "IP port 50" (the protocols UDP and TCP do have ports, IP in
itself doesn't); and "protocol 50 using UDP" doesn't make much sense either
(UDP is protocol 17).

I just wanted to clarify things (a little).

Precision *is* important when fiddling with firewall rules... :-)

Cheers,
Martin
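
The distinction drawn in this mail, as an added example that is not part of the original message: a small classifier that reads the protocol field of an IPv4 header and only looks for ports when that protocol is UDP. The packets are constructed sample data, and the function names and labels are assumptions made for this illustration.

```python
import struct

PROTO_UDP = 17     # UDP is itself an IP protocol number
PROTO_ESP = 50     # IPsec data exchange (see /etc/protocols)
PORT_ISAKMP = 500  # IPsec key exchange, "isakmp" in /etc/services


def build_ipv4(proto, payload):
    """Constructed test packet: minimal 20-byte IPv4 header (checksum 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload


def build_udp(sport, dport, data=b""):
    """Constructed UDP header (checksum 0) + data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def classify(packet):
    """Label a packet the way an IPsec-aware filter rule has to see it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]                     # IP protocol field, not a port
    if proto == PROTO_ESP:
        return "ipsec-data"               # protocol 50 carries no port numbers
    if proto == PROTO_UDP:
        if len(packet) < ihl + 8:
            return "malformed"
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if PORT_ISAKMP in (sport, dport):
            return "ipsec-key-exchange"
        return "other-udp"                # e.g. UDP port 50 is not IPsec
    return "other"


if __name__ == "__main__":
    samples = {
        "protocol 50": build_ipv4(PROTO_ESP, bytes(8)),
        "UDP port 500": build_ipv4(PROTO_UDP, build_udp(500, 500)),
        "UDP port 50": build_ipv4(PROTO_UDP, build_udp(40000, 50)),
    }
    for name, pkt in samples.items():
        print(f"{name:13s} -> {classify(pkt)}")
```

A rule written for "UDP port 50" would match only the third sample, which is not IPsec traffic at all.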

