* kernel - RedHat 2.2.12
* VPN-Masq-Patch - ip_masq_vpn-2.2.11.patch.gz (This patch was downloaded from http://www.wolfenet.com/~jhardin/ip_masq_vpn.html and applies to both 2.2.11 and 2.2.12 kernels)
* NOTE - John Hardin also recommended installing an additional patch for RedHat users who were installing the VPN-Masq patch via RPM. Although I did not use an RPM, I did get a failed hunk, and the additional patch did fix the problem (ip_masq_vpn-RH2.12.patch.gz)

The kernel re-compile went well. I temporarily ran a "weak" version of rc.firewall (basically masquerading, and allowing everything else) and a PPTP session between an internal host and the server (also behind a firewall) was successful.

I have been using the rc.firewall script created by David Ranch (currently using v3.50) - Thanks - it really is excellent. Unfortunately, it is so good, that I have only had to make minor modifications. I have been struggling to correctly modify it to establish a PPTP connection with the full ruleset.

I changed the PPTP UDP and TCP port OUTPUT rules to ACCEPT. This does not work (Microsoft Client hangs at Verifying Username and Password). I also tried creating an additional line to ACCEPT GRE 47 (no errors when the script ran, but not successful). I then tried adding INPUT rules to allow the same input back in. I read the script earlier - and it seems that traffic coming in from unprivileged ports is rejected unless initiated by the internal host. I also tried looking at the IP-Masq How-To for other examples, but am still having problems.

I will keep hacking away - if anyone can help that would be great too.

Thanks,
J.R. Carlucci
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
