/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


I am attempting to forward PPTP traffic to a server inside my private
address space and getting a little angry.

I'm using 2.2.16 + VPN masq patch
All necessary options appear to be turned on.
Firewall has Eth0(outer) and Eth1(inner)

PPTP is composed of a control channel (TCP/1723) and an encapsulated data
channel (IP/47)

I'm running the following script to start up masq:
(I know it's insecure, it's just a prototype)
-----begin-----
ipchains -P input ACCEPT
ipchains -P forward ACCEPT
ipchains -P output ACCEPT
ipchains -A forward -j MASQ

# forward tcp/1723 to PPTP server
ipmasqadm portfw -a -P tcp -L 209.13.119.231 1723 -R 192.168.170.20 1723

# forward tcp/80 to WWW server
ipmasqadm portfw -a -P tcp -L 209.13.119.231 80 -R 192.168.170.5 80

# forward inbound GRE
ipfwd --masq 192.168.170.20 47 &

# turn on routing
echo 1 > /proc/sys/net/ipv4/ip_forward
-----end-----

SYMPTOM:

IPchains appear to work.
Masquerading for nodes behind the firewall works perfectly.
Forwarding port 80 to my internal web server works perfectly.
When attempting to forward port 1723, packets never get to masqueraded
server. From sniffing the wire inside the masqueraded side, I can tell you
that no packets are being sent to my internal server. The three-way
handshake never finishes and my connection times out. This command is almost
exactly like the previous port 80 line. Why will the same command forward
port 80 but not port 1723? If I telnet to the port from inside the firewall,
my connection completes, but nothing happens. That is what I would expect to
happen. I have RTFM forwards and backwards. I must be missing something
obvious...

Help me... please?



_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]