[pptp-server] port forwarding

Cowles, Steve Steve at SteveCowles.com
Fri Jan 26 10:42:36 CST 2001


> -----Original Message-----
> From: Lillian Kulhanek 
> 
> Hi gang,
> I'm stumped with this one, and haven't found much 
> documentation to help.
> 
> I have a masqueraded network, and would like to place my pptp 
> server behind the firewall, and have all requests to port 1723
> forwarded to the internal pptp server.  I can't get to this
> stage.  Port forwarding is not working for me.
> 
> I've simplified the problem-solving to the point of trying to 
> port forward telnet from one computer in the same network to
> the other.  
> For example,
> 
> ipmasqadm portfw -a -P tcp -L 192.168.2.221 23 -R 192.168.2.2 23
> 
> I don't see any connection attempts in the logs of any of the 
> machines involved.  If you have any idea I'd love to hear it.

In addition to ipmasqadm, you will also need to ACCEPT tcp port 23 on your
firewall's external interface using ipchains.

With regards to running a masq'd PPTP server:

1) Your firewall's kernel will need to be patched to handle masqueraded PPTP
connections. Check out:
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

2) In addition to port forwarding tcp port 1723 (from the firewall), PPTP
requires that you also protocol forward (not port forward) GRE packets, i.e.
protocol 47. I use ipfwd to accomplish this. Example:

ipfwd --masq 192.168.2.2 47 &

FWIW: Once your firewall is properly patched and port/protocol forwarding is
set up, your firewall's log files will show the following entry when a PPTP
client establishes a PPTP tunnel to a masq'd PPTP server. The x.x.x.x is the
public IP address of my laptop using my dialup account. 192.168.9.3 is the
IP address of my "masq'd" Linux server running PopTop.

Jan 26 00:02:33 firewall kernel: ip_masq_gre(): creating GRE masq for 192.168.9.3 -> x.x.x.x CID=8000 MCID=4BA0

Steve Cowles
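
Added example (not part of the original post, and not code from any tool it mentions): a Python check that pulls ip_masq_gre() entries like the one quoted above out of firewall syslog, rejoining records that a mail client or pager has wrapped, and lists any GRE masquerade created for an inside host that is not an approved PPTP server. The sample lines, the 203.0.113.7 and 198.51.100.20 client addresses, the 192.168.9.44 host and all function names are constructed for illustration.

```python
import re
from ipaddress import ip_address

# A syslog record starts with "Mon DD HH:MM:SS "; anything else is a wrapped tail.
TS = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s")

# Field layout taken from the kernel message quoted in the post.
GRE_MASQ = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"kernel:\s+ip_masq_gre\(\):\s+creating GRE masq for\s+"
    r"(?P<inside>\S+)\s+->\s+(?P<outside>\S+)\s+"
    r"CID=(?P<cid>[0-9A-Fa-f]+)\s+MCID=(?P<mcid>[0-9A-Fa-f]+)\s*$"
)

def join_wrapped(lines):
    """Glue continuation lines back onto the record they belong to."""
    records = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def gre_masq_events(lines):
    """Return one dict (ts, host, inside, outside, cid, mcid) per GRE masq entry."""
    matches = (GRE_MASQ.match(rec) for rec in join_wrapped(lines))
    return [m.groupdict() for m in matches if m]

def unexpected_inside_hosts(events, allowed_servers):
    """Events whose masqueraded (inside) endpoint is not an approved PPTP server."""
    allowed = {ip_address(a) for a in allowed_servers}
    return [e for e in events if ip_address(e["inside"]) not in allowed]

# Constructed sample log: one wrapped record, one unrelated line, one odd host.
SAMPLE = """\
Jan 26 00:02:33 firewall kernel: ip_masq_gre(): creating GRE masq for
192.168.9.3 -> 203.0.113.7 CID=8000 MCID=4BA0
Jan 26 00:05:10 firewall cron[412]: constructed unrelated line
Jan 26 00:09:41 firewall kernel: ip_masq_gre(): creating GRE masq for 192.168.9.44 -> 198.51.100.20 CID=0001 MCID=1C2F
""".splitlines()

if __name__ == "__main__":
    for ev in unexpected_inside_hosts(gre_masq_events(SAMPLE), ["192.168.9.3"]):
        print("GRE masq for unapproved inside host:", ev["ts"], ev["inside"], "->", ev["outside"])
```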


