[pptp-server] Setting up PoPToP behind masq firewall
John P
john at pmbbs.demon.co.uk
Sat Oct 13 12:41:36 CDT 2001
> > I have PoPToP running on a RedHat 7.0 server. The server runs
> > behind a Linux firewall which masquerades the internal network
> > out on one IP address. Port 1723 is forwarded to the RedHat
> > server as is protocol 53.
> That should be protocol 47 (GRE), not protocol 53
Duh, typo on my part. It is 47 that is used in ipfwd and allowed in
ipchains. Sorry!
> Some of the latter Redhat kernels already contained the VPN MASQ Patches.
To
> verify - see if you have module ip_masq_pptp.o
No, I don't have it. I thought that anything that could be compiled into the
kernel could also be loaded as a module? If so, can I get a copy of
ip_masq_pptp.o from somewhere and just install it? I am a bit reluctant to
recompile the kernel, because I haven't done it before.
> > I'm not quite sure why I need to install that patch though.
> > Is it so that the RedHat server knows to route the packets
> > via the masq router?
> The patch is needed so that the GRE protocol can be properly masqueraded.
> i.e. module ip_masq_pptp.o
OK, but who is doing the masquerading? Does the RedHat PPTP server
masquerade the protocol, or is it the Linux firewall? That's what I can't
work out - why would the RedHat server need to do any masquerading at all?
(It just communicates with the firewall which does all the masq'ing)
Cheers
John
More information about the pptp-server
mailing list