[pptp-server] pptpd through a cisco..?

Cowles, Steve Steve.Cowles at gte.net
Tue Jun 6 13:11:00 CDT 2000


Terrelle,

I use an ipchains based firewall (Seawall) developed by Tom Eastep. Who
BTW... also contributes to this list. Tom has gone into great detail in
providing the necessary "hooks" for dealing with a PPTP server running on
the firewall itself or behind the firewall. By simply editing a (well
documented) configuration file, the firewall script (Seawall) will issue the
necessary ipchains (ACCEPT), ipmasqadm (port forward) and ipfwd (protocol)
commands to deal with your particular network infrastructure. It's worth a
look... I know I had a "load of problems" initially until I used what Tom
has developed as my firewall. Save yourself the headaches and take a look at
http://seawall.sourceforge.net

The reason I mentioned the above is there are only an infinite number of
ways to configure a firewall using ipchains. e.g. Your "default" input,
output and forward policies and whether or not you are using user-defined
chains. Any commands that I post may or may not be needed based on how your
firewall is currently configured. Plus, if I remember right... I also had to
patch the kernel to handle a PPTP server running behind the firewall. FWIW:
The Seawall documentation (http://seawall.sourceforge.net/PPTP.html)
mentions the pre-requisites and the WEB sites on how to obtain the required
PPTP patches along with "ipmasqadm" and "ipfwd".

Steve Cowles

> -----Original Message-----
> From: Terrelle Shaw [mailto:hshaw at healthcentralrx.com]
> Sent: Tuesday, June 06, 2000 10:30 AM
> To: Cowles, Steve
> Subject: RE: [pptp-server] pptpd through a cisco..?
> 
> 
> can you send me your ipfwd rules for this? I have a linux
> based firewall running ipchains and having a load of
> problems trying to forward port 1723 and protocol 47..
> 
> Thanks..
> 
> Terrelle Shaw
> System Administrator
> hshaw at healthcentralrx.com
> 
>> -----Original Message-----
>> From: pptp-server-admin at lists.schulte.org
>> [mailto:pptp-server-admin at lists.schulte.org]
>> On Behalf Of Cowles, Steve
>> Sent: Tuesday, June 06, 2000 6:21 AM
>> To: pptp-server at lists.schulte.org
>> Subject: RE: [pptp-server] pptpd through a cisco..?
>> 
>> 
>> 
>> I do not know what the Cisco IOS command is to forward
>> "Protocol 47", but that's what you will need to do (in
>> addition to forwarding port 1723). On my linux based
>> firewall, I forward protocol 47 to an internal pptp server
>> using "ipfwd". I would think Cisco has a similar command
>> to forward a "protocol", in addition to ports.
>> 
>> Steve Cowles
 


