To route the GRE traffic you need the ipfwd program. If you like I can send you a ipfwd debian package. You have to patch the kernel too, at least I had to do it for 2.2.16.
I am using the the following commands in my firewall script to enable PPTP traffic to an internal Windows PPTP server: ipchains -A forward -p tcp -s $host_pptp -d $any 1723 -j MASQ ipchains -A forward -p 47 -s $host_pptp -d $any -j MASQ ipmasqadm portfw -a -P tcp -L $ip_dmz 1723 -R $host_pptp 1723 nohup ipfwd --masq $host_pptp 47 > /dev/null & Here $host_pptp ist the internal pptp server, $any is 0/0 and $ip_dmz is the ip address of the external interface of my router. Regards, Werner > -----Original Message----- > From: Brendan J Simon [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 17, 2000 5:46 AM > To: debian-firewall > Subject: debian-firewall: routing GRE for PPTP VPNs. > > > I'm trying to setup our firewall so that a remote user can access our > network via a Win2000 server (using PPTP). I have ipmasq installed on > the debian firewall. I can route the pptp packets through with the > following command. > $ ipmasqadm portfw -a -P tcp -L my.firewall.ip.address 1723 -R > my.win2000.ip.address 1723 > > How do I route the GRE protocol to the Win2000 machine ? > Do I use portfw, autofw or mfw ? > > The VPN-Masquerade HOWTO says that the 2.2 kernels need to be > patched to > allow GRE and ESP protocols to be forwarded. Is the debian 2.2.17 > kernel already patched for this or do I have to do it manually ?? > > Thanks for any help. Please CC any replies to me as well as the list. > Thanks, > Brendan Simon. > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] >
