[pptp-server] Problems accessing private PPTP server behind linux firewall.
Kristian Liivak
kris at netsoft.ee
Thu Aug 31 04:33:18 CDT 2000
Hi
Does anyone know how to do the same thing with FreeBSD 4.0
ipfw? Or some kernel module?
regards,
----------------------------
Kristian Liivak
NetSoft Systems Ltd.
Tõnismägi 3a, 10119 Tallinn ESTONIA
Tel: +3726461191
Fax: +372 6461074
E-Mail: kris at netsoft.ee
-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Cowles, Steve
Sent: 31. august 2000. a. 6:58
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Problems accessing private PPTP server behind
linux firewall.
I've been running a masq'd PPTP server for months now. On my linux firewall
(not the masq'd PopTop server) I "port forward" TCP/1723, not UDP/1723 and
protocol 47 (GRE). I use ipmasqadm to port forward TCP/1723 and ipfwd to
forward protocol 47. FWIW: Port 500 and proto 50/51 are used for IPSEC
VPNs.
Also, don't forget to load the ip_masq_pptp.o module along with ACCEPTing
the corresponding ports/protos in your ipchain rules on your firewall
system.
For reference: The corresponding port/proto rules needed to allow inbound
pptp connections to a masq'd PopTop and/or NT PPTP server. NOTE: The
x.x.x.x is the external IP address of my firewall.
[root at firewall] # ipmasqadm portfw -l -n
prot localaddr rediraddr lport rport pcnt pref
TCP x.x.x.x 192.168.9.3 1723 1723 10 10
[root at firewall] # ipchains -L input -n | grep 1723
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1723
[root at firewall] # ipchains -L input -n | grep 47
ACCEPT 47 ------ 0.0.0.0/0 x.x.x.x n/a
[root at firewall] # ps auwx | grep ipfwd
root 950 0.0 0.7 788 240 ? S Aug 28 0:00 ipfwd --masq 192.168.9.3 47
Steve Cowles
-----Original Message-----
From: Steve Westerhouse [mailto:westers at versifit.com]
Sent: Wednesday, August 30, 2000 8:26 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Problems accessing private PPTP server behind linux
firewall.
I have a Windows PPTP server running on our local (private) network that I
want to be able to access through our Linux (RedHat6.2 2.2.14) gateway. I
recompiled and patched the kernel to allow PPTP to be masq. Port forwarding
is also enabled. All our internal VPN clients can connect with external VPN
servers. I set up ipmasqadm to forward port 1723 (tcp) and 500 (udp) packets
to our internal machine. I'm getting close because now it gets stuck on the
"Verifying username and password" instead of no connection at all. What am
I missing?
NOTE: The Linux box has two internal NICs. One's private, the other is
public.
thanks for your help.
Steve Westerhouse
Senior Developer/Architect
westers at versifit.com
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!
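Added example, not part of the original thread or of any poster's code: a Python check that parses the three listings shown in Steve Cowles's message and reports what is missing for inbound PPTP (the TCP/1723 control channel plus GRE, protocol 47, both reaching the same internal host). The function names are hypothetical, and the listing formats are assumed to match the output quoted above.

```python
import re

# Listings copied from the thread (x.x.x.x is the poster's redacted external IP).
PORTFW = """prot localaddr rediraddr lport rport pcnt pref
TCP x.x.x.x 192.168.9.3 1723 1723 10 10"""
INPUT_CHAIN = """ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1723
ACCEPT 47 ------ 0.0.0.0/0 x.x.x.x n/a"""
PS = "root 950 0.0 0.7 788 240 ? S Aug 28 0:00 ipfwd --masq 192.168.9.3 47"

def parse_portfw(text):
    """Map (proto, lport) -> (rediraddr, rport) from `ipmasqadm portfw -l -n`."""
    fwd = {}
    for f in map(str.split, text.splitlines()):
        if len(f) >= 5 and f[0] in ("TCP", "UDP"):
            fwd[(f[0].lower(), int(f[3]))] = (f[2], int(f[4]))
    return fwd

def parse_accepts(text):
    """Set of (proto, dport) ACCEPTed in `ipchains -L input -n`; dport None if port-less."""
    acc = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] == "ACCEPT":
            m = re.search(r"->\s*(\d+)\s*$", line)
            acc.add((f[1].lower(), int(m.group(1)) if m else None))
    return acc

def parse_ipfwd(ps_text):
    """Map protocol number -> target host for running `ipfwd --masq <host> <proto>`."""
    return {int(p): h for h, p in re.findall(r"ipfwd\s+--masq\s+(\S+)\s+(\d+)", ps_text)}

def audit(portfw, input_chain, ps):
    """Return what is missing for inbound PPTP: TCP/1723 control plus GRE (proto 47)."""
    fwd, acc, gre = parse_portfw(portfw), parse_accepts(input_chain), parse_ipfwd(ps)
    problems = []
    if ("tcp", 1723) not in fwd:
        problems.append("no TCP/1723 port forward")
    if ("tcp", 1723) not in acc:
        problems.append("input chain does not ACCEPT TCP/1723")
    if not {("47", None), ("gre", None)} & acc:
        problems.append("input chain does not ACCEPT protocol 47 (GRE)")
    if 47 not in gre:
        problems.append("no ipfwd process forwarding protocol 47 (GRE)")
    elif ("tcp", 1723) in fwd and gre[47] != fwd[("tcp", 1723)][0]:
        problems.append("GRE and TCP/1723 go to different internal hosts")
    return problems

if __name__ == "__main__":
    print(audit(PORTFW, INPUT_CHAIN, PS) or "TCP/1723 and GRE are both forwarded")
```

Feeding it a rule set that forwards only TCP/1723 and UDP/500, as in the original question, yields the two protocol 47 findings.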