[pptp-server] Problems accessing private PPTP server behind linux firewall.

Paul Kendall paul at kcbbs.gen.nz
Thu Aug 31 04:49:01 CDT 2000


How come everybody mentions using ipfwd for forwarding GRE?

I have PoPToP running behind my linux masq'd firewall and don't
need that.  I do have the ip_masq_pptp module loaded and
I also portfw with ipmasqadm my 1723 port to the poptop machine
as well.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Cowles, Steve
Sent: Thursday, 31 August 2000 3:58 p.m.
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Problems accessing private PPTP server behind
linux firewall.


I've been running a masq'd PPTP server for months now. On my linux firewall
(not the masq'd PopTop server) I "port forward" TCP/1723, not UDP/1723 and
protocol 47 (GRE). I use ipmasqadm to port forward TCP/1723 and ipfwd to
forward protocol 47. FWIW: Port 500 and proto 50/51 are used for IPSEC
VPNs.

Also, don't forget to load the ip_masq_pptp.o module along with ACCEPTing
the corresponding ports/protos in your ipchain rules on your firewall
system.

For reference: The corresponding port/proto rules needed to allow inbound
pptp connections to a masq'd PopTop and/or NT PPTP server. NOTE: The
x.x.x.x is the external IP address of my firewall.

[root at firewall] # ipmasqadm portfw -l -n
prot localaddr   rediraddr     lport    rport  pcnt  pref
TCP  x.x.x.x     192.168.9.3   1723     1723    10    10

[root at firewall] # ipchains -L input -n | grep 1723
ACCEPT     tcp  ------  0.0.0.0/0    0.0.0.0/0  * ->   1723

[root at firewall] # ipchains -L  input -n | grep 47
ACCEPT     47   ------  0.0.0.0/0    x.x.x.x       n/a

[root at firewall] # ps auwx | grep ipfwd
root 950  0.0  0.7   788   240  ?  S   Aug 28   0:00 ipfwd --masq 192.168.9.3 47

Steve Cowles


-----Original Message-----
From: Steve Westerhouse [mailto:westers at versifit.com]
Sent: Wednesday, August 30, 2000 8:26 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Problems accessing private PPTP server behind linux
firewall.


I have a Windows PPTP server running on our local (private) network that I
want to be able to access through our Linux (RedHat6.2 2.2.14) gateway.  I
recompiled and patched the kernel to allow PPTP to be masq.  Port forwarding
is also enabled.  All our internal VPN clients can connect with external VPN
servers.  I set up ipmasqadm to forward port 1723 (tcp) and 500 (udp) packets
to our internal machine.  I'm getting close because now it gets stuck on the
"Verifying username and password" instead of no connection at all.  What am
I missing?

NOTE: The Linux box has two internal NICs.  One's private the other is
public.

thanks for your help.


Steve Westerhouse
Senior Developer/Architect
westers at versifit.com
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!
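
Added example (not part of the original thread or of PoPToP): a shell function that checks saved "ipmasqadm portfw -l -n" and "ipchains -L input -n" listings for the rules Steve Cowles lists for inbound PPTP, namely TCP/1723 forwarded to the server and both tcp/1723 and protocol 47 accepted on input. The function name, the 203.0.113.1 address and the sample listings are constructed; how GRE gets forwarded (ipfwd, or ip_masq_pptp alone) is not checked, since the thread describes both.

```shell
#!/bin/sh
# pptp_audit PORTFW_LISTING INPUT_CHAIN_LISTING SERVER_IP  (hypothetical helper)
# Prints one "MISSING: ..." line per absent requirement, or "OK" if none.
pptp_audit() {
    portfw=$1; input=$2; server=$3; missing=0

    # 1. TCP/1723 (PPTP control channel) is port-forwarded to the inside server.
    if ! printf '%s\n' "$portfw" | awk -v s="$server" '
        $1 == "TCP" && $3 == s && $4 == 1723 && $5 == 1723 { found = 1 }
        END { exit !found }'; then
        echo "MISSING: portfw TCP/1723 -> $server"; missing=1
    fi
    # 2. The input chain ACCEPTs tcp to destination port 1723.
    if ! printf '%s\n' "$input" | awk '
        $1 == "ACCEPT" && $2 == "tcp" && $NF == 1723 { found = 1 }
        END { exit !found }'; then
        echo "MISSING: input ACCEPT tcp dport 1723"; missing=1
    fi
    # 3. The input chain ACCEPTs IP protocol 47 (GRE, the PPTP data channel).
    if ! printf '%s\n' "$input" | awk '
        $1 == "ACCEPT" && $2 == 47 { found = 1 }
        END { exit !found }'; then
        echo "MISSING: input ACCEPT proto 47 (GRE)"; missing=1
    fi
    [ "$missing" -eq 0 ] && echo "OK"
    return "$missing"
}

# Constructed sample listings in the format shown in the thread
# (203.0.113.1 stands in for the firewall's external x.x.x.x).
GOOD_PORTFW='prot localaddr   rediraddr     lport    rport  pcnt  pref
TCP  203.0.113.1 192.168.9.3   1723     1723    10    10'
GOOD_INPUT='ACCEPT     tcp  ------  0.0.0.0/0    0.0.0.0/0  * ->   1723
ACCEPT     47   ------  0.0.0.0/0    203.0.113.1   n/a'
# Constructed: TCP/1723 and UDP/500 are handled, but there is no GRE rule.
BAD_PORTFW='prot localaddr   rediraddr     lport    rport  pcnt  pref
TCP  203.0.113.1 192.168.9.3   1723     1723    10    10
UDP  203.0.113.1 192.168.9.3   500      500     10    10'
BAD_INPUT='ACCEPT     tcp  ------  0.0.0.0/0    0.0.0.0/0  * ->   1723
ACCEPT     udp  ------  0.0.0.0/0    0.0.0.0/0  * ->   500'

pptp_audit "$GOOD_PORTFW" "$GOOD_INPUT" 192.168.9.3 || true
pptp_audit "$BAD_PORTFW" "$BAD_INPUT" 192.168.9.3 || true
```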