Hi, I'm trying to get a PPTP server working behind a masquerading firewall. I have verified that the PPTP server is working; clients which contact the server directly are able to establish a VPN connection with no problems. However, trying to access the PPTP server via the firewall results in a 650 error message (from a Windows 95 client) - "the server is not responding to network requests". Interestingly enough, the client gets past the "dialling" phase to the "verifying username and password" phase, but never to the "Logging on to network" bit. My configuration is as follows: NT4 PPTP Server (with all current service packs and hotfixes), hiding behind a Linux 2.0.33 firewall, compiled with the following options: CONFIG_FIREWALL, CONFIG_NET_ALIAS, CONFIG_INET, CONFIG_IP_FORWARD CONFIG_IP_MULTICAST, CONFIG_SYN_COOKIES, CONFIG_RST_COOKIES CONFIG_IP_FIREWALL, CONFIG_IP_MASQUERADE, CONFIG_IP_MASQUERADE_IPAUTOFW CONFIG_IP_MASQUERADE_IPPORTFW, CONFIG_IP_MASQUERADE_ICMP CONFIG_IP_TRANSPARENT_PROXY, CONFIG_IP_ALWAYS_DEFRAG My start-up script looks like: /sbin/ipfwadm -I -f /sbin/ipfwadm -O -f /sbin/ipfwadm -F -f /usr/local/sbin/ipportfw -C /sbin/ipfwadm -F -p deny /usr/local/sbin/ipportfw -A -t ext.ip.addr/1723 -R 192.168.100.2/1723 /usr/local/sbin/ipfwd --masq --syslog 192.168.100.2 47 & /sbin/ipfwadm -F -a accept -m -S 192.168.100.0/24 -D 0.0.0.0/0 which I built using the README in the ipfwd-1.0.0 source. I can get the inbound TCP connection on port 1723 using telnet, and hosts on the internal network are all able to access Internet hosts using both TCP and UDP protocols (I can ping and telnet just about everywhere). I know the inbound protocol 47 forwarding is working, because my syslog shows: /usr/local/sbin/ipfwd[91]: forwarding ip proto 47 from ext.client.ip.addr to 192.168.100.2 But PPTP connections fail miserably. Is there something I've missed? Has anyone got a setup like this working? TIA, Simon the puzzled. -- Simon Cocking <[EMAIL PROTECTED]> Internet Business Services Melbourne, Australia. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
