North American Network Operators Group


Re: Operational impact of filtering SMB/NETBIOS traffic?

  • From: Ethan Butterfield
  • Date: Sun Nov 19 14:51:09 2000

> From: Jim Mercer <[email protected]>
> Subject: Re: Operational impact of filtering SMB/NETBIOS traffic?
> 
> As I understand it, IPsec doesn't use ports.
>

Yes and no. IPSec uses UDP port 500 for the ISAKMP key exchange and the
tunnel setup, but all other traffic is IP Protocol 50 (ESP) or 51 (AH).
Most firewalls I've seen block weird (i.e., just about everything that's
not standard TCP or IP Protocol 1 (ICMP)) by default, or at least flag it
as strange.

It should not be hard to set up a persistent IPSec tunnel between UNIX
hosts in order to pass SMB/NETBIOS traffic. You could even do it
router-to-router in gateway mode and have the traffic be cleartext on the
internal side of both networks, and 3DES/SHA-1 to the rest of the world.
For the Road Warrior, though, it's going to be somewhat more difficult
without using a VPN, as the Win32 implementations of IPSec are
somewhat...lacking. (Or at least they were six months ago when I last
tried the SSH IPsec shim for NT4.) Win2K's built-in IPSec makes life much
easier...if you've got clients using Win2K. Can't vouch for
interoperability between Win2K-UNIX, though. Never tried it myself.

-- 

   "By four o'clock, I've discounted suicide in favor of killing
    everyone else in the entire world instead."
      - Spider Jerusalem, "Transmetropolitan"
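The point above, that a "TCP and ICMP only" firewall silently drops an IPsec tunnel until UDP/500 (ISAKMP), protocol 50 (ESP) and protocol 51 (AH) are explicitly allowed, as an added example that is not part of the thread. The packets are constructed minimal IPv4 headers with RFC 5737 documentation addresses; the two policy functions and their names are this example's own assumptions, not any particular firewall's rule syntax.

```python
"""Classify raw IPv4 packets against two firewall policies to show which
parts of an IPsec exchange a default 'TCP/ICMP only' filter would drop."""
import struct

# IP protocol numbers and the ISAKMP port discussed in the post
PROTO_ICMP, PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 1, 6, 17, 50, 51
ISAKMP_PORT = 500

def parse_ipv4(pkt: bytes):
    """Return (protocol, destination port or None) from a raw IPv4 packet."""
    if pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    proto = pkt[9]
    dport = None
    if proto in (PROTO_TCP, PROTO_UDP) and len(pkt) >= ihl + 4:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return proto, dport

def default_policy(proto, dport):
    """The 'only standard TCP and ICMP' default the post describes (assumed)."""
    return proto in (PROTO_TCP, PROTO_ICMP)

def ipsec_policy(proto, dport):
    """Default policy plus the three things an IPsec tunnel needs (assumed)."""
    if proto in (PROTO_ESP, PROTO_AH):
        return True
    if proto == PROTO_UDP and dport == ISAKMP_PORT:
        return True
    return default_policy(proto, dport)

def build_ipv4(proto, payload=b""):
    """Constructed minimal IPv4 header: no options, checksum left as zero,
    192.0.2.1 -> 198.51.100.1 (documentation ranges, not real hosts)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + payload

def udp_payload(sport, dport):
    """Constructed 8-byte UDP header (length 8, checksum zero)."""
    return struct.pack("!HHHH", sport, dport, 8, 0)

def classify(pkt, policy):
    """'pass' or 'drop' for one packet under one policy."""
    proto, dport = parse_ipv4(pkt)
    return "pass" if policy(proto, dport) else "drop"

if __name__ == "__main__":
    samples = {"ISAKMP": build_ipv4(PROTO_UDP, udp_payload(500, 500)),
               "ESP": build_ipv4(PROTO_ESP), "AH": build_ipv4(PROTO_AH)}
    for name, pkt in samples.items():
        print(name, classify(pkt, default_policy), classify(pkt, ipsec_policy))
```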