Operating Systems AIX Allow port range using IPsec? Post 302665395 by chrisstevens on Monday 2nd of July 2012 12:10:47 PM
Old 07-02-2012
Quote:
Originally Posted by zaxxon
I haven't worked with IPsec yet, though here's a try.

If this is what you are using, it seems they define the rules in terms of
Code:
... eq 21 gt 1023 ...

where eq seems to be "equal", gt "greater than", lt "less than" etc.

Check out the following link for examples:
Thanks, are there any better alternatives to using IPsec? I am a Linux admin so I am used to using IPtables, but the preferred option for AIX from what I have read seems to be IPsec?

Using smit it only allows me to use one argument for the port, but I haven't checked if this works fine using CL.
 

getipsecprotobyname(3NSL)			       Networking Services Library Functions				 getipsecprotobyname(3NSL)

NAME
     getipsecprotobyname, getipsecprotobynum - query IPsec protocols entries

SYNOPSIS
     cc -flag ... file ... -lnsl [-library ...]
     #include <netdb.h>

     int getipsecprotobyname(const char *proto_name);

     char *getipsecprotobynum(int proto_num);

DESCRIPTION
     Use the getipsecprotobyname() and getipsecprotobynum() functions to
     obtain the IPsec algorithm mappings that are defined by ipsecalgs(1M).
     You can also use the getipsecprotobyname() and getipsecprotobynum()
     functions in conjunction with getipsecalgbyname(3NSL) and
     getipsecalgbynum(3NSL) to obtain information about the supported IPsec
     algorithms. The IPsec algorithms and associated protocol name spaces
     are defined by RFC 2407.

     getipsecprotobyname() takes as an argument the name of an IPsec
     protocol and returns its assigned protocol number. The character
     string returned by the getipsecprotobyname() function must be freed by
     the caller when it is no longer needed.

     getipsecprotobynum() takes as an argument a protocol number and
     returns the corresponding protocol name.

     The following protocol numbers are pre-defined:

     IPSEC_PROTO_ESP
           Defines the encryption algorithms (transforms) that can be used
           by IPsec to provide data confidentiality.

     IPSEC_PROTO_AH
           Defines the authentication algorithms (transforms) that can be
           used by IPsec to provide authentication.

PARAMETERS
     proto_name    A pointer to the name of an IPsec protocol.

     proto_num     A pointer to a protocol number. conditions.

RETURN VALUES
     The getipsecprotobyname() function returns a protocol number upon
     success, or -1 if the protocol specified does not exist.

     The getipsecprotobynum() function returns a protocol name upon
     success, or the NULL value if the protocol number specified does not
     exist.

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Availability                 |SUNWcsl (32 bit)             |
     +-----------------------------+-----------------------------+
     |                             |SUNWcslx (64 bit)            |
     +-----------------------------+-----------------------------+
     |MT Level                     |MT Safe                      |
     +-----------------------------+-----------------------------+
     |Interface Stability          |Evolving                     |
     +-----------------------------+-----------------------------+

SEE ALSO
     ipsecalgs(1M), getipsecalgbyname(3NSL), getipsecalgbynum(3NSL),
     attributes(5)

     Piper, D. RFC 2407, The Internet IP Security Domain of Interpretation
     for ISAKMP. Network Working Group. November, 1998.

SunOS 5.10                        13 Aug 2003          getipsecprotobyname(3NSL)