On Tue, 5 Sep 2000, jeff sacksteder wrote:

> I'm using 2.2.16 + VPN masq patch
> All necessary options appear to be turned on.
> Firewall has Eth0(outer) and Eth1(inner)
> 
> I'm running the following script to start up masq:
> (I know it's insecure, it's just a prototype)
> -----begin-----
> ipchains -P input ACCEPT
> ipchains -P forward ACCEPT
> ipchains -P output ACCEPT
> ipchains -A forward -j MASQ

Try adding "-i eth0" to that forward rule, so that you don't
masquerade inbound traffic...

> Forwarding port 80 to my internal web server works perfectly. When
> attempting to forward port 1723, packets never get to masqueraded
> server. From sniffing the wire inside the masqueraded side, I can
> tell you that no packets are being sent to my internal server. The
> three-way handshake never finishes and my connection times out.
> This command is almost exactly like the previous port 80 line. Why
> will the same command forward port 80 but not port 1723? If I
> telnet to the port from inside the firewall, my connection
> completes, but nothing happens. That is what I would expect to
> happen. I have RTFM forwards and backwards. I must be missing
> something obvious...

Ouch. That's a weird one. Doesn't ipmasqadm have an option to list the
portforwarded connections? What does that report?

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 [EMAIL PROTECTED]      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
                                -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   50 days until Daylight Savings Time ends
