
#1934 ESP 50 and AH 51 protocols not listed

1.180
closed
5
2005-02-04
2005-02-04
No

The protocols ESP (50) and AH (51) used in IPSec are
not listed in the firewall rule network protocol list
and are impossible to add/edit.

Furthermore, some Linux's have these protocols defined
by default, which shows the cryptic 50/51 #'s on the
display. (strangely when you press 'revert
configuration', they show up as ESP/AH)
Either way, if you edit the 50/51/ESP/AH entries and
Save, they are incorrectly changed to TCP.

Should be an easy fix, just add them to the pulldown list.

Discussion

  • Jamie Cameron

    Jamie Cameron - 2005-02-04

    Logged In: YES
    user_id=129364

    The firewall module gets its protocol list from
    the /etc/protocols file, so you should just add ESP and AH to
    that file on your system. In fact, I am surprised they are not
    listed by default ..

     
  • Jamie Cameron

    Jamie Cameron - 2005-02-04
    • status: open --> closed
     
  • Johnathan Conley

    Logged In: YES
    user_id=877440

    Odd, the entries for 50/51 are listed as IPv6-Crypt and
    IPv6-Auth

    ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6
    ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6

    When I first installed Webmin, the default system IP tables
    show an entry where the condition text reads 'If protocol is
    50', and after hitting 'Revert Configuration' it reads 'If
    protocol is ESP'
    The keyword ESP is nowhere in the /etc/protocols file

    IPV6-CRYPT and IPV6-AUTH both show up in the rule network
    protocols list.

    It would seem that it may be getting information from
    another location as well as /etc/protocols.

    Here was a website I referenced as well about what 50/51 is
    used for:
    http://docs.hp.com/en/B9901-90021/ch07s04.html

    Just trying to provide more useful information...

    Fyi, I'm using CentOS 3.4 (RHEL 3 U4 remake)
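
The check discussed in this thread, as an added example that is not part of the original ticket or Webmin's code: it parses /etc/protocols-format text, reports whether the names ESP and AH resolve to 50 and 51, and flags firewall rules whose protocol the file cannot resolve. The function names `parse_protocols` and `audit`, the sample rules and every sample entry other than the two lines quoted above are constructed for illustration.

```python
import re

# Constructed sample: the 50/51 entries are the ones quoted in the thread.
PROTOCOLS = """\
tcp 6 TCP # transmission control protocol
udp 17 UDP # user datagram protocol
ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6
ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6
"""

# Constructed rules in iptables-save syntax.
RULES = """\
-A INPUT -p 50 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p 47 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

def parse_protocols(text):
    """Map every name and alias (lowercased) to its number, and back."""
    by_name, by_num = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or not fields[1].isdigit():
            continue  # blank, comment-only or malformed line
        num = int(fields[1])
        for name in [fields[0]] + fields[2:]:
            by_name.setdefault(name.lower(), num)
            if name.lower() not in by_num.setdefault(num, []):
                by_num[num].append(name.lower())
    return by_name, by_num

def audit(rules, protocols, wanted=(("esp", 50), ("ah", 51))):
    """List IPsec names the file lacks and rule protocols it cannot resolve."""
    by_name, by_num = parse_protocols(protocols)
    findings = [("missing-name", name, num, by_num.get(num, []))
                for name, num in wanted if by_name.get(name) != num]
    for lineno, rule in enumerate(rules.splitlines(), 1):
        m = re.search(r"(?:^|\s)(?:-p|--protocol)\s+(\S+)", rule)
        if not m:
            continue
        proto = m.group(1).lower()
        known = int(proto) in by_num if proto.isdigit() else proto in by_name
        if not known:
            findings.append(("unresolved-rule", lineno, proto))
    return findings

if __name__ == "__main__":
    for finding in audit(RULES, PROTOCOLS):
        print(finding)
```

Running the same audit before and after a firewall front end saves its rules shows whether an IPsec rule's protocol survived the save unchanged.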

     
