[pptp-server] Firewall GRE

Cowles, Steve Steve.Cowles at gte.net
Tue Aug 22 09:59:45 CDT 2000


> -----Original Message-----
> From: Michael Concannon [mailto:mconcann at BayNetworks.COM]
> Sent: Tuesday, August 22, 2000 9:34 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Firewall GRE
>
> My first question is could the firewall I am sitting behind 
> (with my 98 client) be blocking the type 47 communication?

If this firewall has not been patched with John Hardins PPTP masq patches,
then the answer to your question is YES. Checkout:
http://www.wolfenet.com/~jhardin/ip_masq_vpn.html on installing this patch
and loading the ip_masq_pptp.o module.

>  My current setup looks like this:
> 98 client<--->firewall <---internet---> PPTP/IPCHAINS server
> 
> I cannot see why that would be the case...
> 
> Some config info:
> Server:
> linux 2.2.16
> pptpd/pppd patched.updated per FAQ
> Server is both masquerade box and PPTP server (for now).

If I understand your setup, this is the PopTop server and its sitting
directly on the internet. Just make sure its firewall rules include
ACCEPTing port 1723 and proto 47 on the external interface. Since it is
sitting directly on the internet, it does NOT need John Hardinns patches
installed. If you ever move the PopTop server behind this firewall, then you
will need to install the JHardin patch.

Steve Cowles



More information about the pptp-server mailing list