Yes, I have allowed both port 47 and port 1723 with:
EXTERN_PROTO0="47 vpnserverip/32"
EXTERN_PROTO1="1723 vpnserverip/32"

I have forwarded pptp traffic to the vpn server with:
ipmasqadm portfw -a -P tcp -L externalip 1723 -R vpnserverip 1723

and I have allowed GRE tunneling with:

ipfwd --masq vpnserverip 47 &

but I still cannot connect.  The firewall rules shown in Weblet regarding
pptp are below.  Do these look right?  If someone could summarize the steps
to do this, to make sure I didn't miss anything, it would be greatly
appreciated.

Thanks,
Dustin

0     0 ACCEPT     47   ------ 0xFF 0x00  eth0   vpnserverip           externalip       n/a
0     0 ACCEPT     1723 ------ 0xFF 0x00  eth0   vpnserverip           externalip       n/a

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Scott C. Best
Sent: Friday, April 12, 2002 2:30 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN behind Dachstein


Dustin:

        Heya. Just a quick check to see if you've told your
firewall to allow those protocol=47 packets to come through.
You got the TCP port=1723 ones for PPTP right, but there's
two pieces to it.

-Scott

> Hello,
>
>    I am attempting to replace a 2.9.4 based firewall with Dachstein.  The
> current firewall forwards VPN traffic to a server behind itself.  I have
> set up the new server with the following entries in network.conf, but I
> have apparently missed something because I can't connect.  If anyone can
> help, I would appreciate it.
>
> Thanks,
> Dustin
>
> -snip-
> # TCP services open to outside world
> # Space seperated list: srcip/mask_dstport
> #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> EXTERN_TCP_PORTS="0/0_vpn"
> -snip-
> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: "<ipmasqadm portfw options>"
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> #INTERN_SERVER1=""
> INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
> -snip-
>
> I have also added the vpn service to /etc/services as:
>
> vpn           1723/tcp        #vpn traffic
>
> and am running ipfwd as:
>
> /usr/sbin/ipfwd --masq vpnserverip 47 &



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
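
An added example, not part of the original thread or of Dachstein: a small parser for the rule listing pasted in the message above, assuming its columns follow `ipchains -L -n -v` verbose output (pkts, bytes, target, prot, opt, tosa, tosx, ifname, source, destination, ports). It rejoins wrapped lines and reports, per rule, whether the prot column holds a valid IP protocol number and whether the counters show any matched packets.

```python
import re

# Constructed sample: the two rules from the message above (placeholder
# addresses as posted), with a line wrap after the interface column.
# Assumed column order, as in `ipchains -L -n -v`:
# pkts bytes target prot opt tosa tosx ifname source destination ports
LISTING = """\
0     0 ACCEPT     47   ------ 0xFF 0x00  eth0
vpnserverip           externalip       n/a
0     0 ACCEPT     1723 ------ 0xFF 0x00  eth0
vpnserverip           externalip       n/a
"""

START = re.compile(r"\d+\s+\d+\s+[A-Z]+\s")  # counters + target open a rule
RULE = re.compile(
    r"(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<target>\S+)\s+(?P<prot>\S+)\s+"
    r"(?P<opt>\S+)\s+(?P<tosa>0x[0-9A-Fa-f]+)\s+(?P<tosx>0x[0-9A-Fa-f]+)\s+"
    r"(?P<ifname>\S+)\s+(?P<source>\S+)\s+(?P<dest>\S+)\s+(?P<ports>.+)")

def parse_rules(text):
    """Rejoin wrapped lines and return one dict of columns per rule."""
    joined = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not joined:
            joined.append(line)          # a new rule begins here
        else:
            joined[-1] += " " + line     # wrapped tail of the previous rule
    return [m.groupdict() for m in map(RULE.fullmatch, joined) if m]

def review(rule):
    """Return a list of findings for one parsed rule."""
    notes = []
    prot = rule["prot"]
    if prot.isdigit() and int(prot) > 255:
        notes.append(f"prot {prot} is outside the 8-bit IP protocol range; "
                     "a TCP port is matched by the ports column of a tcp rule")
    elif prot == "47":
        notes.append("prot 47 is GRE, which PPTP uses for tunnelled data")
    if rule["pkts"] == "0":
        notes.append(f"counters are zero: nothing has matched source "
                     f"{rule['source']} -> destination {rule['dest']}")
    return notes

if __name__ == "__main__":
    for r in parse_rules(LISTING):
        print(r["target"], "prot", r["prot"], "on", r["ifname"])
        for note in review(r):
            print("  -", note)
```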

