Jerahmy Pocott skrev:

On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
Hello Jerahmy,

Some progress it seems? Why not set it to allow gre from VPN server only? Ie pass in quick on fxp1 proto gre from <vpn server ip> to any?

The way you ask your question, 'make it work without static ip or allowing all traffic', isn't that contradictory?

As for the frag part, I'd say that if gre needs frag, then you will have to enable it.

About the CVS, I seem to have misunderstood your question. I assumed wanted to recieve CVS inbound and not serve it outbound, or am I mistaking again?


Yes, that is what I meant by 'static ip' I could allow all gre from the specific ip address but I would prefer that gre traffic be allowed from a host only when an existing connection
has been opened to it.. is a CVS server.

It seems to me that natd works better with ipsec
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Hello again Jerahmy,

It would seem that there is a PPTP proxy in ipf that you might want to try as well. The syntax would be:

map fxp1 -> 0/32 proxy port 1723 pptp/tcp

Good luck!


_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to