[pptp-server] PPTP

Karan Ingale karan_ingale at yahoo.com
Fri Apr 20 01:22:59 CDT 2001 

Hi Charlie,
 I have enabled masquerading through ipchains. I am
sending the policy file I am using.
 I don't know what GRE is. Can you elaborate please.

Thanks.

Karan.
--- Charlie Brady <charlieb at e-smith.com> wrote:
> 
> On Wed, 18 Apr 2001, Karan Ingale wrote:
> 
> >  I use a Windows 2000 machine from the internal
> > network, to make a VPN session with a server on
> the
> > internet. If I don't apply any rules for ipchains
> (All
> > Accept), I am able to make the connection. But as
> soon
> > as I apply the following rules, I am not able to
> make
> > a VPN connection with the VPN server on the
> internet.
> >
> > This is the policy I used to deny all ports
> >
> >   ipchains --policy input    DENY
> >   ipchains --policy output   DENY
> >   ipchains --policy forward  DENY
> >
> > This is the policy for PPTP
> >
> >   ipchains --append        input \
> >            --jump          ACCEPT \
> >            --interface     $EXTERNAL_INTERFACE \
> >            --source        $EXTERNAL_NETWORK $PPTP
> \
> >            --destination   $LOCALHOST $UNPRIVPORTS
> \
> >            --protocol      tcp
> > #           --protocol      tcp  ! -y    #SYN BIT
> > Check
> 
> ....
> 
> You don't mention masquerading, so I assume that you
> are routing your
> internal network to the Internet.
> 
> You need to have forwarding rules which allow
> traffic - your policy is
> DENY. You do mention that other protocols are
> working, which surprises me
> a little.
> 
> You also need to have rules which allow GRE traffic
> - protocol 47, IIRC.
> 
>   Charlie Brady                        
> charlieb at e-smith.com
>   http://www.e-smith.org (development) 
> http://www.e-smith.com (corporate)
>   Phone: +1 (613) 368 4376 or 564 8000  Fax: +1
> (613) 564 7739
>   e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P
> 1P1 Canada
> 
> 
> _______________________________________________
> pptp-server maillist  - 
> pptp-server at lists.schulte.org
>
http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!


__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rc.fw
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20010419/265ac158/attachment.ksh>

More information about the pptp-server mailing list