[pptp-server] Poptop through NAT redux

Christopher Kalos ckalos at gothambroadband.com
Mon Oct 15 11:15:43 CDT 2001

	Yeah, I made sure about that one, too.  The other interfaces are unchanged,
and the new interface is set to fxp3.


-----Original Message-----
From: droman2 at gothambroadband.com [mailto:droman2 at gothambroadband.com] On Behalf Of Dean Roman
Sent: Monday, October 15, 2001 5:15 AM
To: Christopher Kalos
Cc: Poptop Mailing List
Subject: Re: [pptp-server] Poptop through NAT redux


   Just a stupid question, but did you check to make sure that after
adding the 4th card, your box didn't renumber the ethernet interfaces
starting with the new card?

    In other words, make sure the logical interface name matches the
physical card you think it should.


Christopher Kalos wrote:
>         This weekend, we were forced to add a fourth interface to our
> firewall.  As a result, we now have the following setup:
>         Outside link->Firewall--|
>                                         |-- DMZ
>                                         |-- NAT 1
>                                         |-- NAT 2
>         The logic behind this is that the second NAT network needs to be
> isolated from our DMZ and primary NAT network for security reasons.  It's
> only there to allow visitors (or in this case, I suppose "tenants" is a
> better word) to share our bandwidth.
>         The firewall is running FreeBSD 4.3, using ipfw and out of box
> natd.  The
> VPN server has been on the primary NAT network, with proper redirects in
> place for the GRE protocol and pptp port in place since it was built.
> However, once we added the new interface (fxp3), the VPN immediately
> I'm not getting logs on the VPN server at all, and the firewall isn't
> reporting any rejected packets.
>         Has anyone had any experience with this sort of situation?
> Telling me to
> move the VPN server outside isn't an option, and the same applies to
> rid of this secondary NAT network, or switching off of PoPToP.  There are
> multiple internal reasons for this design, and none of them can be
> Thanks in advance,
> Christopher Kalos
> Systems Administrator
> Gotham Broadband
> 212.206.9620 x340