[pptp-server] Setting up PoPToP behind masq firewall

John P john at pmbbs.demon.co.uk
Sat Oct 13 12:04:59 CDT 2001


Yes, I have a blanket rule as #1 on my ipchains on the firewall accepting all
port 47 connections. I also have ipfwd running '--masq 10.0.0.12 47'
(10.0.0.12 being my internal server IP). The internal server has a
completely open ipchains setup.

Cheers
John

----- Original Message -----
From: "Nate Perry-Thistle" <nate at anthropomorphization.com>
To: "John P" <john at pmbbs.demon.co.uk>
Cc: <pptp-server at lists.schulte.org>
Sent: Saturday, October 13, 2001 4:43 PM
Subject: Re: [pptp-server] Setting up PoPToP behind masq firewall


> john,
>
> do you allow and forward protocol 47 (GRE) through the firewall?  check
> out: http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO-3.html#ss3.6 for
> example rules for iptables and ipchains.
>
> n.
>
> On Sat, Oct 13, 2001 at 05:43:45PM +0100, John P wrote:
> > Hi
> >
> > I have PoPToP running on a RedHat 7.0 server. The server runs behind a Linux
> > firewall which masquerades the internal network out on one IP address. Port
> > 1723 is forwarded to the RedHat server as is protocol 53. The server is
> > running kernel '2.2.16-22 #17 SMP'
> >
> > When I connect from my Win98 SE machine, I get the following in the logs:
> > Oct 13 17:24:14 pluto pppd[2738]: pppd 2.4.0 started by root, uid 0
> > Oct 13 17:24:14 pluto pppd[2738]: Using interface ppp0
> > Oct 13 17:24:14 pluto pppd[2738]: Connect: ppp0 <--> /dev/pts/3
> > Oct 13 17:24:44 pluto pppd[2738]: LCP: timeout sending Config-Requests
> > Oct 13 17:24:44 pluto pppd[2738]: Connection terminated.
> > Oct 13 17:24:44 pluto pppd[2738]: Exit.
> > Oct 13 17:24:44 pluto pptpd[2737]: GRE: read(fd=4,buffer=804da00,len=8196) from PTY failed: status = -1 error = Input/output error
> > Oct 13 17:24:44 pluto pptpd[2737]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> > Oct 13 17:24:44 pluto pptpd[2737]: CTRL: Client 122.146.136.129 control connection finished
> > [root at pluto ipv4]#
> >
> > From reading the docs, it seems to imply that I need to patch the kernel
> > with the VPN masquerade patch. However, this isn't something I have
> > attempted before, and am a bit reluctant to do over SSH 100 miles from the
> > relevant server ;) - can I not install a module, or are there any other
> > workarounds? Is it something that is quite simple to do?
> >
> > I'm not quite sure why I need to install that patch though. Is it so that
> > the RedHat server knows to route the packets via the masq router?
> >
> > --
> > John Portwin
> > Technical Director,
> > mobiletones.com
> >
> > john at mobiletones.com
> > Mobile (07801) 055722
> > DDI (01923) 892722
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
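
Added example, not part of the original thread: a small log triage that flags the symptom shown in the quoted syslog, where pptpd starts pppd (so the TCP 1723 control channel worked) but LCP times out because no reply arrives inside GRE, which is IP protocol 47 rather than a TCP/UDP port. The function name `diagnose`, the verdict strings and the sample log are constructed for illustration, and the client-to-session pairing is a heuristic.

```python
import re

# Constructed sample modelled on the syslog excerpt quoted in the thread
# (client addresses are documentation-range placeholders).
SAMPLE_LOG = """\
Oct 13 17:24:14 pluto pppd[2738]: Connect: ppp0 <--> /dev/pts/3
Oct 13 17:24:44 pluto pppd[2738]: LCP: timeout sending Config-Requests
Oct 13 17:24:44 pluto pppd[2738]: Connection terminated.
Oct 13 17:24:44 pluto pptpd[2737]: CTRL: Client 192.0.2.10 control connection finished
Oct 13 18:02:10 pluto pppd[2901]: Connect: ppp0 <--> /dev/pts/4
Oct 13 18:02:12 pluto pppd[2901]: local  IP address 10.0.0.12
Oct 13 18:02:55 pluto pptpd[2900]: CTRL: Client 192.0.2.20 control connection finished
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (pppd|pptpd)\[(\d+)\]: (.*)$")

def diagnose(log_text):
    """Return one verdict dict per pppd session found in log_text."""
    sessions = {}  # pppd pid -> session state (dicts keep insertion order)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        prog, pid, msg = m.groups()
        if prog == "pppd":
            s = sessions.setdefault(pid, dict(pid=int(pid), tty_up=False,
                lcp_timeout=False, ip_up=False, client=None))
            s["tty_up"] |= msg.startswith("Connect:")
            s["lcp_timeout"] |= "LCP: timeout sending Config-Requests" in msg
            s["ip_up"] |= bool(re.match(r"local\s+IP address", msg))
        elif (c := re.search(r"CTRL: Client (\S+) control connection finished", msg)):
            # Assumption: pptpd logs the teardown right after its pppd child
            # exits, so attach the client to the newest session without one.
            for s in reversed(list(sessions.values())):
                if s["client"] is None:
                    s["client"] = c.group(1)
                    break
    for s in sessions.values():
        # tty up + LCP timeout: TCP/1723 control worked but no LCP reply came
        # back inside GRE (IP protocol 47), so the NAT/firewall path is suspect.
        blocked = s["tty_up"] and s["lcp_timeout"] and not s["ip_up"]
        s["verdict"] = ("gre-path-suspect" if blocked
                        else "ok" if s["ip_up"] else "inconclusive")
    return list(sessions.values())

if __name__ == "__main__":
    for s in diagnose(SAMPLE_LOG):
        print(s["pid"], s["client"], s["verdict"])
```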



