Hey, I'm running into _exactly_ the same situation: same kernel, same patch,
same right down the line, including success in forwarding the ports to the
same inside machine for Web and mail, but failure with PPTP.

Has a solution been found? Is 2.2.16 + patch flawed?

All clues welcome. Thanks.

Whit

On Tue, Sep 05, 2000 at 12:31:06PM -0400, jeff sacksteder wrote:

> I'm using 2.2.16 + VPN masq patch
> All necessary options appear to be turned on.
> Firewall has Eth0(outer) and Eth1(inner)
> 
> PPTP is composed of a control channel (TCP/1723) and an encapsulated data
> channel (IP/47)
> 
> I'm running the following script to start up masq:
> (I know it's insecure, it's just a prototype)
> -----begin-----
> ipchains -P input ACCEPT
> ipchains -P forward ACCEPT
> ipchains -P output ACCEPT
> ipchains -A forward -j MASQ
> 
> # forward tcp/1723 to PPTP server
> ipmasqadm portfw -a -P tcp -L 209.13.119.231 1723 -R 192.168.170.20 1723
> 
> # forward tcp/80 to WWW server
> ipmasqadm portfw -a -P tcp -L 209.13.119.231 80 -R 192.168.170.5 80
> 
> # forward inbound GRE
> ipfwd --masq 192.168.170.20 47 &
> 
> # turn on routing
> echo 1 > /proc/sys/net/ipv4/ip_forward
> -----end-----
> 
> SYMPTOM:
> 
> IPchains appear to work.
> Masquerading for nodes behind the firewall works perfectly.
> Forwarding port 80 to my internal web server works perfectly.
> When attempting to forward port 1723, packets never get to the masqueraded
> server. From sniffing the wire inside the masqueraded side, I can tell you
> that no packets are being sent to my internal server. The three-way
> handshake never finishes and my connection times out. This command is almost
> exactly like the previous port 80 line. Why will the same command forward
> port 80 but not port 1723? If I telnet to the port from inside the firewall,
> my connection completes, but nothing happens. That is what I would expect to
> happen. I have RTFM forwards and backwards. I must be missing something
> obvious...

 \/\/ I-I I T 
 Blauvelt
 [EMAIL PROTECTED]
