Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: TCP Ports
Special Forums IP Networking TCP Ports Post 3376 by Neo on Saturday 30th of June 2001 12:00:49 AM
Old 06-30-2001
NAT Breaks IPSEC (VPNs)
NAT (Network Address Translation) is not compatible with most VPN technologies. If the VPN is IPSEC based this is certainly the case. Cryptographic systems that use IPSEC (or similar techology) insure the integrity of the IP packet by running cryptographic checksum (kinda) algorithm against the packet. If the packet has changed, it will be dropped.

NAT changes the IP address in the head. This is a violation of the integrity checking mechanism of IPSEC. This is a big problem with NAT. You should consider turning off NAT if you want a clean, not kludgy VPN solution.

If you are not sure of this reply, please post the details of what cryptographic protocols are being used in the VPN tunnel. I can help you if you provide the details on how the tunnel is operating.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

TCP Listening Ports

Hello all, Can someone instruct me on how to change the listening port for ftp ( or any tcp service) from 21 to another port number? Thanks in advance.. -AJ (3 Replies)
Discussion started by: jacobsa
3 Replies

2. UNIX for Dummies Questions & Answers

TCP/UDP Ports

Just starting to work with unix, wondering if there is any good on-line documentation explaining TCP/UDP ports, how to use them, etc... Thanks.... (1 Reply)
Discussion started by: eugene_mayo
1 Replies

3. IP Networking

TCP/UDP Ports

Just wondering if anyone knows of any good on-line documentation on TCP/UDP Ports. Basically i want to know how to check if they are in use, learn how to close them, etc... Thanks... (5 Replies)
Discussion started by: eugene_mayo
5 Replies

4. UNIX for Advanced & Expert Users

TCP ports - TIME_WAIT

What is the maximum number of TCP ports that can be consumed at any one time? How can I determine what the number is or increase it? I was under the impression that with our system (UnixWare 7.1.1) 1024 was the maximum under our current Kernel tuning parms, but I think that is really just... (4 Replies)
Discussion started by: dlkox
4 Replies

5. Windows & DOS: Issues & Discussions

TCP ports and file sharing

In using a music file sharing program (WinMx), I am told that I cannot make a primary connection (fastest downloads) because I do not have a TCP and UDP port. I am running Windows Me.What do I do? Thanks. (6 Replies)
Discussion started by: dookster5
6 Replies

6. UNIX for Advanced & Expert Users

TCP slow access though certain ports

hi, I'm currently running with an issue whereby we are experiencing very poor access speeds to our Informix database. Connections or requests to the DB are taking in excess of 2/3/4 minutes during peek periods during the day. This has only just started to happen but so far we have been unable to... (0 Replies)
Discussion started by: fastyan
0 Replies

7. UNIX for Dummies Questions & Answers

Opening TCP ports

I'm not sure if this is the right place for this post, but I'd be grateful if somebody could please help me. I'm trying to open ports 999, 1982 and 1983 but am not having much luck. I used iptables -A INPUT -i eth0 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i... (2 Replies)
Discussion started by: thehaapyappy
2 Replies

8. IP Networking

problem opening TCP ports

Please can somebody help me. I'm trying to open ports 999, 1982 and 1983 but am not having much luck. I used iptables -A INPUT -i eth0 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT iptables... (5 Replies)
Discussion started by: thehaapyappy
5 Replies

9. Solaris

List TCP ports with process

Hello, One of our developers is asking for a command/script in Solaris similar to "netstat -anp" in Linux. He gave this output as an example: root@xxx:~# netstat -anp | grep LISTEN tcp 0 0 0.0.0.0:7937 0.0.0.0:* LISTEN 16082/nsrexecd tcp 0 ... (7 Replies)
Discussion started by: vimes
7 Replies

10. Shell Programming and Scripting

Sheel Scripting to lock 2 TCP unused ports in solaris and linux

My requirement is I need to write a program in shell scripting to check 2 TCP unused unique port numbers in SOLARIS and I have to lock the same ports so that it will not be used in any other new process and the same port numbers should be used and locked in the LINUX machine to communicate... (2 Replies)
Discussion started by: sreeramr30
2 Replies

LEARN ABOUT NETBSD

ipnat

IPNAT(8)						      System Manager's Manual							  IPNAT(8)

NAME

       ipnat - user interface to the NAT subsystem

SYNOPSIS

       ipnat [ -dhlnrsvCF ] [ -M core ] [ -N system ] -f <filename>

DESCRIPTION

       ipnat  opens the filename given (treating "-" as stdin) and parses the file for a set of rules which are to be added or removed from the IP
       NAT.

       Each rule processed by ipnat is added to the kernels internal lists if there are no parsing problems.  Rules are added to the  end  of  the
       internal lists, matching the order in which they appear when given to ipnat.

       Note  that ipf(8) must be enabled (with ipf -E) before NAT is configured, as the same kernel facilities are used for NAT functionality.	In
       addition, packet forwarding must be enabled.  These details may be handled automatically when ipnat is run by rc at normal system  startup.
       See options(4), sysctl(8), and rc.conf(5) for more information.

OPTIONS

       -C     delete all entries in the current NAT rule listing (NAT rules)

       -d     Enable printing of some extra debugging information.

       -F     delete all active entries in the current NAT translation table (currently active NAT mappings)

       -h     Print number of hits for each MAP/Redirect filter.

       -l     Show the list of current NAT table entry mappings.

       -n     This  flag  (no-change)  prevents ipf from actually making any ioctl calls or doing anything which would alter the currently running
	      kernel.

       -r     Remove matching NAT rules rather than add them to the internal lists.

       -s     Retrieve and display NAT statistics.

       -v     Turn verbose mode on.  Displays information relating to rule processing and active rules/table entries.

FILES

       /dev/ipnat
       /usr/share/examples/ipf	Directory with examples.

DIAGNOSTICS

       ioctl(SIOCGNATS): Input/output error Ensure that the necessary kernel functionality is present and ipf enabled with ipf -E.

SEE ALSO

       ipnat(5), rc.conf(5), ipf(8), ipfstat(8)

																	  IPNAT(8)
All times are GMT -4. The time now is 06:29 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy