[pptp-server] redhat 6.2 firewall to win2k forwarding problems
Ricky Bowen
rbowen at magicstaff.com
Mon Nov 20 15:05:11 CST 2000
Hello all,
I'm having some trouble getting my RH Linux 6.2 firewall to forward to my
internal Win2k pptp server. I've pinpointed the problem at the firewall,
because clients that are on the internal network can connect fine to the
Win2k machine.
I'm testing this with a Win2k client. What happens, is that it connects, but
authentication fails, to me that means that GRE is failing, right? I get
"Error 721: The remote computer is not responding."
My FW is setup as so:
ipchains:
-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 1723:1723 -p 6 -j
ACCEPT -l -i eth2
-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 -p 47 -j
ACCEPT -l -i eth2
-A forward -s 172.16.1.250/255.255.255.255 1723:1723 -d 0.0.0.0/0.0.0.0 -p
6 -j MASQ -l -i eth2
-A forward -s 172.16.1.250/255.255.255.255 -d 0.0.0.0/0.0.0.0 -p 47 -j
MASQ -l -i eth2
and my rc.local:
/usr/local/sbin/ipfwd --masq 172.16.1.250 47 &
/usr/sbin/ipmasqadm portfw -a -P tcp -L external-ip 1723 -R 172.16.1.250
1723
My kernel is setup with the following:
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_IPPORTFW=y
CONFIG_IP_MASQUERADE_MFW=y
CONFIG_IP_MASQUERADE_PPTP=y
DEBUG_IP_MASQUERADE_PPTP=y
DEBUG_IP_MASQUERADE_PPTP_VERBOSE=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE=y
I have tested all the chains with ipchains -C. It seems that everything goes
through the external interface, eth2.
Thanks for the help!
Ricky
More information about the pptp-server
mailing list