Firewalled tunnel

Michael Oliver/Tampa/Contr/AT&T/IJV mwoliver@us.ibm.com
Fri, 13 Oct 2000 09:27:27 -0400


I have several computers at home behind a cable modem.  The gateway is a
server running Windows 2000 Advanced Server and using a NAT/PAT application
called WinRoute.  I know that WinRoute has the ability to pass traffic of
protocol type 41, but I do not think that SyGate does.  I may be wrong, but
when I was helping a friend of mine set up an IPSec tunnel to our office,
it required us to open protocol 50 on SyGate, and we searched everywhere
for a method to do so.  In the end, we found out that the apprule.cfg file
that SyGate uses to allow/disallow traffic could only be configured to
allow TCP/UDP port numbers, not specific protocols.  The IPSec support
within SyGate is built in to the application, therefore not configurable.
Note that I am not an expert on SyGate, but support for protocol 41 may be
built in as well, or they may have a new version that allows this
configuration now.

Aaron,  since your Dad is using Win2K, have you talked to him about
downloading the IPv6 kit from MSDN?  The new kit allows you to set up a
tunnel through Microsoft lickety-split, no prob.  In my environment, I have
the IPv6 kit installed on several Win2k Pro clients, as well as the AdvSrv
that is the gateway (WinRoute).  On the gateway, all I have to do is go to
the command line, enter the command "6to4cfg.exe -r -s" and my whole LAN
then has connectivity to the 6BONE.  Let me know how it goes, ok?

Michael W. Oliver
oliver.michael@gargantuan.com (home)
mwoliver@att.com (work)






Daniel Richards <kyhwana@world-net.co.nz>@ISI.EDU on 10/13/2000 05:47:00 PM

Please respond to kyhwana@world-net.co.nz

Sent by:  owner-6bone@ISI.EDU


To:   6bone@ISI.EDU
cc:
Subject:  Re: Firewalled tunnel



On Fri, 13 Oct 2000, Aaron Plattner wrote:
> Hi.
> At my house my dad is using SyGate (a NAT program) running on Windows
> 2000 (no ipv6 support), while I run Linux.  I was trying to set up a
> freenet6 tunnel, but I can't get it to work through SyGate.  Is it even
> possible to set up a tunnel through a firewall like this?  (I think SyGate
> will only do TCP and UDP).
Hmm, you have to be able to route/forward ICMP type 41, which is ipv6 icmp
stuff.
It IS doable, at least in linux/freebsd using NAT, but it's not preferable.
If SyGate can't do ICMP, you're out of luck, maybe you could pick up a cheap
486 and convince your dad to let you use linux/freebsd for NAT ? :)
  --
http://shell.world-net.co.nz/~kyhwana/decss/ - Kyh's DeCSS stuff
http://shell.world-net.co.nz/~kyhwana/DRpubkey.txt
"'Oh dear,' says God, 'I hadn't thought of that,' and promptly vanishes in
a puff of logic."
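
Added example, not part of the original messages: a Python sketch of why a rule set that can only name TCP/UDP port numbers cannot admit IP protocol 41 (IPv6 in IPv4) or protocol 50 (ESP), which carry no port field to match on. The rule-set model is hypothetical and is not SyGate's apprule.cfg format; the packets and addresses are constructed samples.

```python
import struct

def build_ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.1"):
    """Constructed sample packet: minimal 20-byte IPv4 header plus payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def parse(packet):
    """Return (protocol, dst_port); dst_port is None unless TCP or UDP."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # IPv4 "Protocol" field
    if proto in (6, 17) and len(packet) >= ihl + 4:
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None                    # no port concept for 41, 50, ...

def port_only_filter(packet, allowed_ports):
    """Hypothetical rule set that can only name (TCP/UDP, port) pairs."""
    return parse(packet) in allowed_ports

def protocol_aware_filter(packet, allowed_ports, allowed_protos):
    """Rule set that can also admit a whole IP protocol number."""
    proto, port = parse(packet)
    return proto in allowed_protos or (proto, port) in allowed_ports

def verdicts():
    """Map packet label -> (port-only verdict, protocol-aware verdict)."""
    samples = [
        ("tcp/80", build_ipv4(6, struct.pack("!HH", 40000, 80) + b"\x00" * 16)),
        ("udp/500", build_ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0))),
        ("proto 41", build_ipv4(41, b"\x60" + b"\x00" * 39)),  # IPv6 header
        ("proto 50", build_ipv4(50, b"\x00" * 16)),            # ESP
    ]
    ports = {(6, 80), (17, 500)}
    return {name: (port_only_filter(pkt, ports),
                   protocol_aware_filter(pkt, ports, {41, 50}))
            for name, pkt in samples}

if __name__ == "__main__":
    for name, (port_only, proto_aware) in verdicts().items():
        print(f"{name:9} port-only={port_only!s:5} protocol-aware={proto_aware}")
```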