LinuxQuestions.org


jspsandhu 10-20-2005 11:11 AM

What is Protocol 50
 
Hi

Can anyone explain how protocol 50 or protocol 51 is different from TCP/UDP port 50 and 51?

Regards

Jaspreet Sandhu

cdhgee 10-20-2005 11:30 AM

Networking is composed of layers; usually, this is the OSI model (see http://en.wikipedia.org/wiki/OSI_model for details). IP is one of these layers, and can encapsulate data from the layer above. In the IP header, there is a marker identifying the type of data that is contained within the IP packet - this is just a number, such as 6 for TCP or 17 for UDP. Protocol 50 is one of these - it denotes encapsulating security payload, and is commonly used with VPN applications.

Protocol 50 differs from TCP port 50 in that TCP port 50 is specific to the TCP protocol in the transport layer (layer 4), whereas protocol 50 is specific to the IP protocol in the network layer (layer 3). ICMP is another example of a protocol number (it is number 1) - but ICMP does not use port numbers like protocols such as TCP and UDP do, i.e. not all IP protocols use port numbers.

Hope this helps.

cdhgee 10-20-2005 11:31 AM

Oh and if you want a complete list of IP protocols, see

http://www.iana.org/assignments/protocol-numbers

Protocol 51 is authentication header but I'm not sure what it's used for.

jspsandhu 10-20-2005 11:49 AM

Great, understood the difference between protocol number and port no.

Question no. 2 arises: if I am using a NAT router on the network that blocks all the ports,
can I forward protocol 50 like I can forward ports for TCP and UDP?

I don't see any such option on my router.

Does a NAT router block such kinda traffic?

Hey, AH is used in IPSEC VPN, a type of encapsulation of IP.
ESP is also used in IPSEC VPN, a type of encapsulation of IP with encryption of data.

Regards
Jaspreet Sandhu

cdhgee 10-20-2005 11:53 AM

A NAT router will block everything unless it is specifically forwarded from the router to a node on your internal network - because the traffic is sent to the router and the router will not know which node it needs to be sent to unless you define it specifically in the forwarding rules.

I haven't ever seen a router which will allow you to forward IP protocols (I've only ever seen the option to forward TCP and/or UDP ports) - but some routers allow you to designate a host on your internal network as a "DMZ host", in which case the router will forward all unclaimed traffic to that host. However, if you do do this it's a good idea to make sure you've got a solid firewall on that host as it exposes it to attacks from the internet.
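
Added example, not part of any post in this thread: a Python parser that reads the protocol field from an IPv4 header and shows why a UDP packet to port 50 offers a port to match on while an ESP packet (protocol 50) offers only an SPI. The helper names `classify` and `ipv4`, the documentation-range addresses and the sample packets are constructed for illustration.

```python
import struct

# IANA protocol numbers named in the thread (1, 6, 17, 50, 51).
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}

def classify(packet: bytes) -> dict:
    """Parse an IPv4 packet and report what a NAT/firewall could match on."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                     # the protocol field is byte 9 of the IP header
    payload = packet[ihl:]
    info = {"protocol": proto, "name": PROTO_NAMES.get(proto, "other"), "has_ports": False}
    if proto in (6, 17) and len(payload) >= 4:
        # TCP and UDP both start with 16-bit source and destination ports.
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
        info["has_ports"] = True
    elif proto == 50 and len(payload) >= 8:
        # ESP starts with a 32-bit SPI and a 32-bit sequence number; it has no ports.
        info["spi"], info["seq"] = struct.unpack("!II", payload[:8])
    elif proto == 51 and len(payload) >= 12:
        # AH: next header, payload length, reserved, then SPI and sequence number.
        info["next_header"] = payload[0]
        info["spi"], info["seq"] = struct.unpack("!II", payload[4:12])
    elif proto == 1 and len(payload) >= 2:
        info["icmp_type"], info["icmp_code"] = payload[0], payload[1]
    return info

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

# Constructed samples: a UDP datagram to port 50, and an ESP packet (protocol 50).
UDP_PORT_50 = ipv4(17, struct.pack("!HHHH", 40000, 50, 8, 0))
ESP_PACKET = ipv4(50, struct.pack("!II", 0x1000ABCD, 1) + b"\x00" * 16)

if __name__ == "__main__":
    for label, pkt in (("UDP port 50", UDP_PORT_50), ("protocol 50", ESP_PACKET)):
        print(label, classify(pkt))
```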

cozofdeath 10-23-2005 10:35 AM

Yes, I'm sure it can be done somehow. On my modem in the firewall settings there's a command to allow protocol 50 through. I have a Westell-made modem/router and the command looks like this...
pass protocol 50 >> state, done

As far as I know, firewall configs take precedence over NAT configs also.

BeauSanders 08-11-2007 11:17 AM

Perhaps this article from HP will help on the Protocol 50 question
 
http://docs.hp.com/en/J4256-90009/ch06s04.html

-Beau


All times are GMT -5.