Port Scanning?


Nailz
09-19-2001, 07:38 PM
Maybe I'm missing something obvious...

I have a Red Hat 7.1 box running as my firewall between my cable modem and my internal network. It's running ipchains currently. I have a Windows 2000 laptop on my internal network that I use for work and have VPN software that I need to use to connect to my work network. The VPN software will only work if I'm 'directly connected' to the internet. Now I believe this is due to certain ports that need to be open.

1) How do I actively scan ports on my Linux box to see where the requests are being made? I tried using nmap (and nmapfe) but that will only tell me what is actively open.

2) Secondly, once I identify which ports the requests are going to... how do I, with ipchains (and with iptables going forward), redirect (or port forward) to my internal IP address? OR more to the point... Allow IPSEC?

[ 19 September 2001: Message edited by: Nailz ]

slacker_x
09-19-2001, 08:09 PM
I'm pretty sure you can't do IPsec through a NAT router... in other words, unless you have a public IP address for that laptop it isn't possible to run the VPN software on the laptop. Another option is to run VPN software on the firewall machine.

The reason you can't do NAT on the IPsec packets is that the modification of the packet structure breaks the authentication.

I was looking at IPsec using FreeS/WAN for Linux and that used UDP port 500 and IP protocols 50 and 51. Remember that was protocol 40 and 51, not TCP port 50 and 51.

ryan00002
09-21-2001, 01:45 PM
I use nmap to scan ports. http://www.insecure.org/nmap/

Pinball
09-22-2001, 04:39 AM
I believe you can configure ipchains to log which replies are being blocked when you try VPN so then you know what should be forwarded, you could check the man pages to do so...
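
The logging approach from the last post, as an added example that is not part of the original thread: once the blocking rules carry ipchains' `-l` (log) flag, the kernel writes "Packet log:" lines that can be tallied to see what the VPN client's peer is sending. The log layout is assumed to follow the IPCHAINS-HOWTO, and the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout of an ipchains kernel log line (per the IPCHAINS-HOWTO):
# "Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<port> <dst>:<port> ..."
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 50: "esp", 51: "ah"}


def summarize_blocked(lines):
    """Count DENY/REJECT log entries per (chain, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["verdict"] not in ("DENY", "REJECT"):
            continue  # not a packet log line, or the packet was accepted
        proto = int(m["proto"])
        # Port fields only carry meaning for TCP and UDP; other IP
        # protocols (such as 50 and 51) are keyed by protocol alone.
        dport = int(m["dport"]) if proto in (6, 17) else None
        counts[(m["chain"], PROTO_NAMES.get(proto, str(proto)), dport)] += 1
    return counts


def ipsec_related(counts):
    """Keep the traffic named in the thread: UDP port 500, IP protocols 50 and 51."""
    return {k: v for k, v in counts.items()
            if k[1] in ("esp", "ah") or (k[1] == "udp" and k[2] == 500)}


# Constructed sample log lines (documentation addresses, hypothetical host "fw").
SAMPLE_LOG = [
    "Sep 19 19:40:01 fw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.10:500 198.51.100.7:500 L=112 S=0x00 I=4321 F=0x0000 T=52 (#4)",
    "Sep 19 19:40:02 fw kernel: Packet log: input DENY eth0 PROTO=50 203.0.113.10:65535 198.51.100.7:65535 L=136 S=0x00 I=4322 F=0x0000 T=52 (#4)",
    "Sep 19 19:40:03 fw kernel: Packet log: input DENY eth0 PROTO=50 203.0.113.10:65535 198.51.100.7:65535 L=136 S=0x00 I=4323 F=0x0000 T=52 (#4)",
    "Sep 19 19:40:05 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.44:3312 198.51.100.7:139 L=48 S=0x00 I=991 F=0x4000 T=110 SYN (#4)",
    "Sep 19 19:40:06 fw kernel: Packet log: forward ACCEPT eth1 PROTO=6 192.168.1.20:1044 192.0.2.80:80 L=60 S=0x00 I=77 F=0x4000 T=63 (#1)",
    "Sep 19 19:40:07 fw sshd[812]: unrelated syslog line",
]

if __name__ == "__main__":
    for key, n in sorted(ipsec_related(summarize_blocked(SAMPLE_LOG)).items(), key=str):
        print(key, n)
```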