[pptp-server] Poptop through NAT redux

Christopher Kalos ckalos at gothambroadband.com
Tue Oct 16 08:56:56 CDT 2001


	Never mind, somehow my constantly restarting natd (to test various
additional options) finally kicked it back into working order.  Don't ask
how, since I can't figure it out either.

Thanks,

CK

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christopher
Kalos
Sent: Monday, October 15, 2001 12:16 PM
To: Poptop Mailing List
Subject: RE: [pptp-server] Poptop through NAT redux


	Yeah, I made sure about that one, too.  The other interfaces are unchanged,
and the new interface is set to fxp3.

CK

-----Original Message-----
From: droman2 at gothambroadband.com [mailto:droman2 at gothambroadband.com]On
Behalf Of Dean Roman
Sent: Monday, October 15, 2001 5:15 AM
To: Christopher Kalos
Cc: Poptop Mailing List
Subject: Re: [pptp-server] Poptop through NAT redux


Christopher,

   Just a stupid question, but did you check to make sure that after
adding the 4th card, your box didn't renumber the ethernet interfaces
starting with the new card?

    In other words, make sure the logical interface name matches the
physical card you think it should.

Thanks,
   ---Dean.



Christopher Kalos wrote:
>
>         This weekend, we were forced to add a fourth interface to our
> firewall.  As a result, we now have the following setup:
>         Outside link->Firewall--|
>                                         |-- DMZ
>                                         |-- NAT 1
>                                         |-- NAT 2
>
>         The logic behind this is that the second NAT network needs to be
> completely isolated from our DMZ and primary NAT network for security
> reasons.  It's only there to allow visitors (or in this case, I suppose
> "tenants" is a better word) to share our bandwidth.
>         The firewall is running FreeBSD 4.3, using ipfw and out of box
> natd.  The VPN server has been on the primary NAT network, with proper
> redirects in place for the GRE protocol and pptp port in place since it
> was built.  However, once we added the new interface (fxp3), the VPN
> immediately broke.  I'm not getting logs on the VPN server at all, and
> the firewall isn't reporting any rejected packets.
>         Has anyone had any experience with this sort of situation?
> Telling me to move the VPN server outside isn't an option, and the same
> applies to getting rid of this secondary NAT network, or switching off
> of PoPToP.  There are multiple internal reasons for this design, and
> none of them can be changed.
>
> Thanks in advance,
>
> Christopher Kalos
> Systems Administrator
> Gotham Broadband
> 212.206.9620 x340
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
