Re: pfil/ipfilter checkup..

homer_simpson Fri, 04 Mar 2005 22:56:55 -0800

Some help on pptp proxy rules? sorry if I have missed the point...

I want to go from pptp client, private -> NAT -> (pppoe via DSL) public ... accross the internet to a PPTP server.

I tried adding a map rule and various syntax but can't seem to get it right. Every thing I google indicate redirect rules... but that does not seem to be what I need My understanding is that rdr would be used if I was hosting a PPTP serverm and I would redirect teh inboud to the server...?

SO..I assume that I need map... "map sppp0 192.168.0.1/24 -> 0/32" then add some thing to indicate proxy/gre/port 1723 ???? and assume I would need to allow the gre protocol through the interface filter as well in the ipf.conf rules...


Help, Darren or anyone?

Many thanks

my current rules would be...
#ipnat.conf
##########
map sppp0 192.168.0.1/24 -> 0/32  proxy port ftp ftp/tcp mssclamp 1402
map sppp0 192.168.0.1/24 -> 0/32  portmap tcp/udp auto mssclamp 1402
map sppp0 192.168.0.1/24 -> 0/32 mssclamp 1402

#ipf.conf ############ #dmfe1 #pass in log from 192.168.0.0/24 to any keep state pass in log quick on dmfe1 from 192.168.0.0/24 to any keep state pass in log quick on dmfe1 proto icmp from 192.168.0.0/24 to any keep state keep frags pass out on dmfe1 from 192.168.0.0/24 to any keep state


# sppp0
block out on sppp0 from 192.168.0.0/24 to any
block in on sppp0 from 192.168.0.0/24 to any
block out on dmfe0 from 192.168.0.0/24 to any

pass in quick on sppp0 from any to 0/0 port = 25  keep state

Some good feedback!
I compiled 4.1.6 and 2.1.5 last weekend, installed and cpu panic as soon as ipfboot kicked in (I think) I backed out ipf to ipf4.1 ish (with some pppoe and sppp0 patches), leaving pfil 2.1.5 installed (originally 2.1.1) and that was fine.

I just tried this release of pfil & ipf and it is working, no panics... AWESOME!!!!
SunOS 5.9 Generic_112233-10 sun4u
Next to test PPTP... (which is really why I upgrade) but that may have to wait a few days...
Grant
Before deciding to stamp a new release of ipfilter and pfil, could a few
people please try downloading the below and using them on Solaris?
I've rolled in all of John's changes (thank you very much for those, it
is nice to have a new pair of eyes look over it!) from the past week or
so.
There's also the inclusion of the overhaul of pptp proxy.
Thanks,
Darren
http://coombs.anu.edu.au/~avalon/ip_fil4.1next.tar.gz
http://coombs.anu.edu.au/~avalon/pfil-next.tar.gz

Re: pfil/ipfilter checkup..

Reply via email to