[pptp-server] RE: pptp-server digest, Vol 1 #103 - 8 msgs

Lillian Kulhanek Lillian.Kulhanek at energy.on.ca
Fri Jan 26 14:19:34 CST 2001


OK, stupid me, I had to explicitly tell the masq'ed server what the gateway
was, with a route statement. (I saw this on a prior post on the masq list:
http://home.indyramp.com/lists/masq for future reference if anyone needs
it.)

eg.

route add -host 192.168.2.2 gw 192.168.2.1

In my defense, things still weren't working, so I told my non-PHB, who was
helping me, to do a tcpdump, and sure enough nothing was forwarding, when he
realized he had entered an incorrect portfw statement. Bit of a comedy of
errors happening here. Sorry for the bandwidth.

--__--__--

Message: 8
From: "Cowles, Steve" <Steve at SteveCowles.com>
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] port forwarding
Date: Fri, 26 Jan 2001 10:42:36 -0600

> -----Original Message-----
> From: Lillian Kulhanek
>
> Hi gang,
> I'm stumped with this one, and haven't found much
> documentation to help.
>
> I have a masqueraded network, and would like to place my pptp
> server behind the firewall, and have all requests to port 1723
> forwarded to the internal pptp server .  I can't get to this
> stage.  Port forwarding is not working for me.
>
> I've simplified the problem-solving to the point of trying to
> port forward telnet from one computer in the same network to
> the other.
> For example,
>
> ipmasqadm portfw -a -P tcp -L 192.168.2.221 23 -R 192.168.2.2 23
>
> I don't see any connection attempts in the logs of any of the
> machines involved.  If you have any idea I'd love to hear it.

In addition to ipmasqadm, you will also need to ACCEPT TCP port 23 on your
firewall's external interface using ipchains.

With regards to running a masq'd PPTP server:

1) Your firewall's kernel will need to be patched to handle masqueraded PPTP
connections. Check out:
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

2) In addition to port forwarding TCP port 1723 (from the firewall), PPTP
requires that you also protocol forward (not port forward) GRE packets, i.e.
protocol 47. I use ipfwd to accomplish this. Example:

ipfwd --masq 192.168.2.2 47 &

FWIW: Once your firewall is properly patched and port/protocol forwarding is
set up, your firewall's log files will show the following entry when a PPTP
client establishes a PPTP tunnel to a masq'd PPTP server. The x.x.x.x is the
public IP address of my laptop using my dialup account. 192.168.9.3 is the
IP address of my "masq'd" Linux server running PopTop.

Jan 26 00:02:33 firewall kernel: ip_masq_gre(): creating GRE masq for 192.168.9.3 -> x.x.x.x CID=8000 MCID=4BA0

Steve Cowles
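The complete rule set Steve describes (ipchains ACCEPT rules on the external
interface, ipmasqadm portfw for TCP 1723, ipfwd for GRE protocol 47), pulled
together as an added example script; this is not code from either poster.
The interface name (eth0), the firewall's public address (203.0.113.10) and
the LAN range (192.168.2.0/24) are constructed assumptions; 192.168.2.2 is the
inside PPTP server address from the thread. The script prints the commands
by default (DRYRUN=1) so they can be reviewed on a machine without ipchains,
and executes them with DRYRUN=0 on the patched firewall.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): assemble the firewall rules
# for a PopTop/PPTP server masqueraded behind a 2.2-kernel ipchains firewall.
# Addresses and interface names below are constructed for illustration.
#
# DRYRUN=1 (default): print each command instead of running it.
# DRYRUN=0: execute the commands (needs root and the impsec VPN masq patch).

EXT_IF=${EXT_IF:-eth0}                # firewall's public interface (assumed)
EXT_IP=${EXT_IP:-203.0.113.10}        # firewall's public address (assumed)
LAN_NET=${LAN_NET:-192.168.2.0/24}    # masqueraded LAN (assumed)
PPTP_SRV=${PPTP_SRV:-192.168.2.2}     # inside PPTP server (from the thread)
DRYRUN=${DRYRUN:-1}

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRYRUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# run_bg: same, but the real command is backgrounded, as ipfwd must be
# (it stays resident to relay the GRE stream).
run_bg() {
    if [ "$DRYRUN" = 1 ]; then
        printf '%s &\n' "$*"
    else
        "$@" &
    fi
}

pptp_masq_rules() {
    # 1. ipmasqadm alone does not open the firewall: the PPTP control
    #    connection (TCP 1723) and the GRE data stream (IP protocol 47) must
    #    both be ACCEPTed on the external interface.
    run ipchains -A input -i "$EXT_IF" -p tcp -d "$EXT_IP" 1723 -j ACCEPT
    run ipchains -A input -i "$EXT_IF" -p 47 -d "$EXT_IP" -j ACCEPT

    # 2. Masquerade the LAN so the server's replies leave with the
    #    firewall's address.
    run ipchains -A forward -s "$LAN_NET" -j MASQ

    # 3. Port forward the control channel to the inside server.
    run ipmasqadm portfw -a -P tcp -L "$EXT_IP" 1723 -R "$PPTP_SRV" 1723

    # 4. GRE carries no port numbers, so "port forwarding" cannot apply;
    #    the whole protocol (47) is relayed to the server with ipfwd.
    run_bg ipfwd --masq "$PPTP_SRV" 47
}

pptp_masq_rules
```

The inside server still needs its default route pointing at the firewall
(the `route add` fix from the first message), or the masqueraded replies
never come back; and the ipchains ACCEPT for protocol 47 is the part most
often forgotten, since a "port 1723 works but the tunnel never comes up"
symptom is exactly what a blocked GRE stream looks like.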
