[pptp-server] Problems accessing private PPTP server behind linux firewall.
Cowles, Steve
Steve.Cowles at gte.net
Wed Aug 30 22:58:08 CDT 2000
I've been running a masq'd PPTP server for months now. On my linux firewall
(not the masq'd PopTop server) I "port forward" TCP/1723, not UDP/1723 and
protocol 47 (GRE). I use ipmasqadm to port forward TCP/1723 and ipfwd to
forward protocol 47. FWIW: Port 500 and proto 50/51 are used for IPSEC
VPNs.
Also, don't forget to load the ip_masq_pptp.o module along with ACCEPTing
the corresponding ports/protos in your ipchain rules on your firewall
system.
For reference: The corresponding port/proto rules needed to allow inbound
pptp connections to a masq'd PopTop and/or NT PPTP server. NOTE: The
x.x.x.x is the external IP address of my firewall.

[root at firewall] # ipmasqadm portfw -l -n
prot localaddr  rediraddr    lport  rport  pcnt  pref
TCP  x.x.x.x    192.168.9.3   1723   1723    10    10

[root at firewall] # ipchains -L input -n | grep 1723
ACCEPT  tcp  ------  0.0.0.0/0  0.0.0.0/0  * -> 1723

[root at firewall] # ipchains -L input -n | grep 47
ACCEPT  47   ------  0.0.0.0/0  x.x.x.x    n/a

[root at firewall] # ps auwx | grep ipfwd
root 950 0.0 0.7 788 240 ? S Aug 28 0:00 ipfwd --masq 192.168.9.3 47

Steve Cowles
-----Original Message-----
From: Steve Westerhouse [mailto:westers at versifit.com]
Sent: Wednesday, August 30, 2000 8:26 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Problems accessing private PPTP server behind linux
firewall.
I have a Windows PPTP server running on our local (private) network that I
want to be able to access through our Linux (RedHat6.2 2.2.14) gateway. I
recompiled and patched the kernel to allow PPTP to be masq. Port forwarding
is also enabled. All our internal VPN clients can connect with external VPN
servers. I set up ipmasqadm to forward port 1723 (tcp) and 500 (udp) packets
to our internal machine. I'm getting close because now it gets stuck on the
"Verifying username and password" instead of no connection at all. What am
I missing?
NOTE: The Linux box has two internal NICs. One's private the other is
public.
thanks for your help.
Steve Westerhouse
Senior Developer/Architect
westers at versifit.com
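
A small checker for the pieces the reply lists (the TCP/1723 port forward, ACCEPT rules for TCP/1723 and protocol 47, the ipfwd relay, and the ip_masq_pptp module), as an added example that is not part of the original thread. The function name, the lsmod line and the second sample (1723/tcp and 500/udp handled, nothing for GRE) are constructed for illustration.

```python
import re

def check_pptp_forwarding(portfw, chains, ps, lsmod, server_ip):
    """Return the pieces of the setup described in the reply that are missing."""
    missing = []
    # ipmasqadm portfw -l -n columns: prot localaddr rediraddr lport rport pcnt pref
    fwd = [f for f in (l.split() for l in portfw.splitlines()) if len(f) >= 5]
    if not any(f[0].upper() == "TCP" and f[2] == server_ip
               and f[3] == f[4] == "1723" for f in fwd):
        missing.append("portfw TCP/1723")
    # ipchains -L input -n columns: target prot opt source destination ports
    rules = [r for r in (l.split() for l in chains.splitlines())
             if len(r) >= 6 and r[0] == "ACCEPT"]
    # Only an explicit destination port 1723 counts (no ranges or wildcards).
    if not any(r[1].lower() == "tcp" and r[-1] == "1723" for r in rules):
        missing.append("ipchains ACCEPT TCP/1723")
    if not any(r[1] == "47" for r in rules):
        missing.append("ipchains ACCEPT proto 47 (GRE)")
    # ipfwd must be relaying protocol 47 to the masqueraded server.
    if not re.search(r"ipfwd\s+--masq\s+" + re.escape(server_ip) + r"\s+47\b", ps):
        missing.append("ipfwd proto 47")
    # Helper module named in the reply (lsmod lists it without the ".o").
    if not re.search(r"^ip_masq_pptp\b", lsmod, re.MULTILINE):
        missing.append("ip_masq_pptp module")
    return missing

# Listings copied from the reply; the lsmod line is constructed.
WORKING = {
    "portfw": "prot localaddr rediraddr lport rport pcnt pref\n"
              "TCP x.x.x.x 192.168.9.3 1723 1723 10 10",
    "chains": "ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1723\n"
              "ACCEPT 47 ------ 0.0.0.0/0 x.x.x.x n/a",
    "ps": "root 950 0.0 0.7 788 240 ? S Aug 28 0:00 ipfwd --masq 192.168.9.3 47",
    "lsmod": "ip_masq_pptp 4116 0 (unused)",
}
# Constructed: TCP/1723 and UDP/500 handled, nothing for protocol 47.
PARTIAL = {
    "portfw": "prot localaddr rediraddr lport rport pcnt pref\n"
              "TCP x.x.x.x 192.168.9.3 1723 1723 10 10\n"
              "UDP x.x.x.x 192.168.9.3 500 500 10 10",
    "chains": "ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1723\n"
              "ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 500",
    "ps": "root 1 0.0 0.1 1120 52 ? S Aug 28 0:04 init",
    "lsmod": "ip_masq_pptp 4116 0 (unused)",
}

if __name__ == "__main__":
    for name, sample in (("working", WORKING), ("partial", PARTIAL)):
        print(name, check_pptp_forwarding(server_ip="192.168.9.3", **sample))
```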