Jerahmy Pocott wrote:
On 26/11/2007, at 1:00 AM, Roger Olofsson wrote:
Hello Jerahmy, (sorry for top-posting, btw).
Gre is protocol 47. In your firewall rules you only allow/block
protocols tcp/udp/icmp. If you want to use PPTP you will need to allow
both the port and the protocol for it.
I put:
pass out quick on fxp1 proto gre from any to any keep state
This allowed the PPTP connection to establish, however trying to use apps over that connection resulted in:
fxp1 (block all rule) b x.x.x.x -> 10.0.0.3 PR gre len 20 (53) (frag 57516:[EMAIL PROTECTED]) IN bad NAT
By placing the rule:
pass in quick on fxp1 proto gre from any to any
and allowing frags everything started working properly, but allowing all gre traffic in doesn't seem like a good idea.. Is there any way to make this work without putting static ip address rules or allowing all traffic?
In your original question you mentioned having problems with CVS. From
the looks of it, you redirect CVS to 10.0.0.2, meaning that all users
on that machine can use CVS.
The redirect rule is supposed to redirect connections to CVS on the external interface to 10.0.0.2 on the internal lan, where the CVS server is actually running.
Cheers,
J.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
Hello Jerahmy,
Some progress it seems? Why not set it to allow gre from VPN server
only? I.e. pass in quick on fxp1 proto gre from <vpn server ip> to any?
The way you ask your question, 'make it work without static ip or
allowing all traffic', isn't that contradictory?
As for the frag part, I'd say that if gre needs frag, then you will have
to enable it.
About the CVS, I seem to have misunderstood your question. I assumed
10.0.0.2 wanted to receive CVS inbound and not serve it outbound, or am
I mistaken again?
/Roger
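
The suggestion above, written out as an ipf.conf fragment next to the allow-all rule it replaces. This is an added example, not part of either poster's ruleset; 192.0.2.10 is a placeholder for the VPN server's address, and the TCP 1723 rule assumes the PPTP control connection also leaves through fxp1.

```conf
# Constructed example; 192.0.2.10 is a placeholder for the VPN server's address.

# Weak form from the thread: accepts GRE from any host on the external interface.
# pass in quick on fxp1 proto gre from any to any

# PPTP control connection (TCP 1723) out to the VPN server only.
pass out quick on fxp1 proto tcp from any to 192.0.2.10/32 port = 1723 flags S keep state

# GRE (IP protocol 47) tunnel traffic, limited to the same peer in both directions.
pass out quick on fxp1 proto gre from any to 192.0.2.10/32 keep state
pass in  quick on fxp1 proto gre from 192.0.2.10/32 to any
```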