[pptp-server] Netmask woes... Could this be the little bugger? (Correction)

Cowles, Steve Steve at SteveCowles.com
Sat Feb 24 00:40:55 CST 2001


> -----Original Message-----
> From: Dread Boy [mailto:dreadboy at hotmail.com]
> Sent: Friday, February 23, 2001 8:42 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Netmask woes... Could this be the 
> little bugger? (Correction)
> 

>>> Much stuff deleted.... <<<<

Dread Boy,

After looking at all of your posts for today and searching my poptop folder
for messages from you, I see this thread actually goes back to 2/7/2001.
Wow!

Based on the content of your posts that I have read today... you are still
trying to resolve Samba related issues when you really need to be applying
your efforts in trying to resolve layer 3 (protocol) issues. I have said
this before and I will say it again - "Samba requires layer 3 to be
functional before you can expect it to work properly". Resolving layer 3
issues would include:

1) routing
2) TCP/IP 
3) PPP (port 1723 and protocol 47)
4) ipchains (input/output/forward chains)

In other words, when you can successfully "ping" a client and/or server on
the LAN that the PPTP server is connected to (from your PPTP client), then
you have successfully resolved your layer 3 issues and can move on to
resolving Samba related issues. Until you reach this plateau, forget about
Samba. 

Also, without appearing to be rude - consider replacing your firewall script
with seawall. You will save yourself a lot of time and frustration because
you do not have to learn ipchain syntax structure. Just edit a well
documented config file which defines your network topology and then type:
seawall start, which will then execute the appropriate ipchain commands
based on the config file. Plus, it might actually help you understand what
ipchain rules are required for PPTP connections when you write your future
howto document. I know it helped me!!!

If the above has not yet convinced you on making the switch to seawall; how
about these bullets 
  * it's free
  * it's secure
  * it's scalable
  * SUPPORTS POPTOP/PPTP tunnels (hint! hint!)
  * supports ipsec tunnels
  * supports port/protocol forwarding to internal "masq'd" servers
  * DMZ support

FWIW: I personally use seawall on my linux firewall and have also
implemented seawall at my customer sites which use linux firewalls. So far,
Seawall has met/passed every security policy and/or test I have had to
design and/or implement against. Think about it! 

Check out: http://seawall.sourceforge.net and download version 4

As for your post/question regarding address resolution protocol (arp), I
wrote a 30,000 foot overview of "why" ppp/pptp connections require
proxyarp's. It is still a work in progress (needs some re-wording and
cross-references), but it should help you in your understanding of basic
TCP/IP and PPTP.

Check out: http://www.infohiiway.com/pptp/proxyarp.html

Steve Cowles
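
The following is an added example, not part of the message above and not seawall's code: a small check that a list of ipchains commands accepts both the PPTP control connection (TCP port 1723) and the tunnel data (IP protocol 47, GRE), the layer 3 items to settle before looking at Samba. The function name and the sample rules are hypothetical; it assumes default-deny chains and a PPTP server running on the firewall host itself.

```shell
#!/bin/sh
# Added example. Reads ipchains commands on stdin and prints one line for each
# PPTP requirement that no ACCEPT rule covers. Assumes default-deny chains and a
# PPTP server on the firewall host; rule order and "!" negation are not evaluated.
pptp_rule_gaps() {
  awk '
    $1 == "ipchains" {
      chain = proto = target = port = ""
      # ipchains takes the port as an optional word after the -d address
      for (i = 2; i <= NF; i++) {
        if ($i == "-A") chain = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "-d" && i + 2 <= NF && $(i + 2) !~ /^-/) port = $(i + 2)
        else if ($i == "--destination-port" || $i == "--dport") port = $(i + 1)
      }
      if (target != "ACCEPT") next
      if (chain == "input" && proto == "tcp" && port == "1723") ctl = 1
      if (proto == "47" || proto == "gre") {
        if (chain == "input") gre_in = 1
        if (chain == "output") gre_out = 1
      }
    }
    END {
      if (!ctl) print "missing: input ACCEPT for tcp port 1723 (PPTP control)"
      if (!gre_in) print "missing: input ACCEPT for protocol 47 (GRE tunnel data)"
      if (!gre_out) print "missing: output ACCEPT for protocol 47 (GRE tunnel data)"
    }'
}

# Constructed sample: control port opened, protocol 47 forgotten.
pptp_rule_gaps <<'EOF'
ipchains -A input -p tcp -d 0/0 1723 -j ACCEPT
ipchains -A input -p icmp -j ACCEPT
EOF
```

The constructed sample reports both protocol 47 lines as missing, the case where the control connection comes up but no tunnelled traffic passes.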