[pptp-server] Setting up PoPToP behind masq firewall

John P john at pmbbs.demon.co.uk
Sat Oct 13 12:41:36 CDT 2001

> > I have PoPToP running on a RedHat 7.0 server. The server runs
> > behind a Linux firewall which masquerades the internal network
> > out on one IP address. Port 1723 is forwarded to the RedHat
> > server as is protocol 53.

> That should be protocol 47 (GRE), not protocol 53

Duh, typo on my part. It is 47 that is used in ipfwd and allowed in
ipchains. Sorry!

> Some of the later Redhat kernels already contained the VPN MASQ Patches.
> verify - see if you have module ip_masq_pptp.o

No, I don't have it. I thought that anything that could be compiled into the
kernel could also be loaded as a module? If so, can I get a copy of
ip_masq_pptp.o from somewhere and just install it? I am a bit reluctant to
recompile the kernel, because I haven't done it before.

> > I'm not quite sure why I need to install that patch though.
> > Is it so that the RedHat server knows to route the packets
> > via the masq router?

> The patch is needed so that the GRE protocol can be properly masqueraded.
> i.e. module ip_masq_pptp.o

OK, but who is doing the masquerading? Does the RedHat PPTP server
masquerade the protocol, or is it the Linux firewall? That's what I can't
work out - why would the RedHat server need to do any masquerading at all?
(It just communicates with the firewall which does all the masq'ing)


