"Mark-Nathaniel Weisman" <[EMAIL PROTECTED]> wrote:

<long lines re-formatted>

>I have a W2K VPN server (RRAS using PPTP) set up behind my FreeBSD firewall.
>I also have a web server, mail server, and several others. I've set up my
>ipfw to allow packets for port 1723 on both tcp and udp from any to any,
>and set up NATD to redirect_port 1723 to the internal address of my VPN
>box. I am unable to pass the packets through, and when I put the redirect
>statement in my natd.conf file, none of the redirection works. I've tried
>redirecting both the port and the protocol to no avail.
>Can someone take a moment to explain where I'm going wrong?

You need to pass proto gre. Ipfw may do this by default, I'm not sure, but I had to add:

    pass in quick on ed0 proto gre all
    pass out quick on ed0 proto gre all

to get a VPN working through an ipf firewall.

You may not need to redirect 1723 if the firewall is 'stateful' and you initiate the connection from 'this' end.

HTH

John.
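
Added example, not part of either message above: PPTP carries its control channel on TCP 1723 and its tunnelled data in GRE (IP protocol 47), so an ipfw/natd setup like the one in the question needs both forwarded to the VPN host and both permitted by the filter. The address 192.168.1.10 is a constructed placeholder for the internal VPN server, ed0 is assumed to be the outside interface (it is the name used in the ipf rules above), and the rule numbers are arbitrary.

```conf
# --- /etc/natd.conf (sketch; 192.168.1.10 is a constructed placeholder) ---
interface ed0
# PPTP control channel: inbound TCP 1723 goes to the internal VPN server
redirect_port tcp 192.168.1.10:1723 1723
# PPTP data channel: all inbound GRE goes to the same single host
redirect_proto gre 192.168.1.10

# --- ipfw commands (assumes the rest of the ruleset already passes
# --- traffic on the inside interface) ---
# Hand packets crossing the outside interface to natd first
ipfw add 100 divert natd all from any to any via ed0
# Control channel: client packets in, server replies out
ipfw add 200 allow tcp from any to any 1723 in via ed0
ipfw add 210 allow tcp from any 1723 to any out via ed0
# Data channel: GRE in both directions on the outside interface
ipfw add 220 allow gre from any to any via ed0
```

No UDP rule appears here because PPTP does not use UDP 1723. Running `tcpdump -n -i ed0 'proto gre or tcp port 1723'` during a connection attempt shows whether GRE packets reach the outside interface at all.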