On 2008-03-17, Dave Beckstrom <[EMAIL PROTECTED]> wrote:
> I have an OpenBSD 3.3 transparently bridged packet filtering firewall.

It's had a good long run, but please update this 5-year-old system which
you have in a *security* role...

> I am finding conflicting information on what ports/protocol to open up.
> Microsoft is saying protocol ID 47 and TCP port 1723 both inbound and
> outbound. If that's true, then something like the following should work:
>
> pass in quick on ext_if proto 47 from any to any
> pass out quick on ext_if proto 47 from any to any
>
> pass in quick on ext_if proto tcp from any to any port 1723 keep state
> pass out quick on ext_if proto tcp from any to any port 1723 keep state

Don't forget to pass traffic on the internal interface.

On 2008-03-17, Peter N. M. Hansteen <[EMAIL PROTECTED]> wrote:
> There is work going on now that
> might solve this soon (as in patches on tech@, may turn up in
> snapshots soonish)

It's OK through a normal packet filter, and a single user behind a NAT is
also OK. PPTP only needs to be proxied when you have more than one
concurrent endpoint behind a NAT.
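As an added illustration (not part of either poster's message), here is a complete pf.conf fragment that puts the rules above into a transparent-bridge context, including the internal-interface pass the reply points out. The interface names, the `pptp_srv` address and the use of macros are assumptions; the thread itself only shows the `ext_if` rules with `any` on both sides.

```pf
# Added example for a transparently bridged PF firewall passing PPTP.
# Interface names and the server address below are assumptions.
ext_if   = "fxp0"            # bridge member facing the outside
int_if   = "fxp1"            # bridge member facing the internal network
pptp_srv = "192.0.2.10"      # assumed PPTP server; use "any" to match the thread

# Default deny on the filtered member; quick pass rules below override it.
block in on $ext_if all

# On a bridge every frame crosses both members, so whatever the external
# side admitted must also be passed on the internal member (the reply's
# "don't forget the internal interface"). Filtering is done once, on ext_if.
pass quick on $int_if all

# PPTP control channel: TCP 1723, tracked statefully in both directions.
pass in  quick on $ext_if proto tcp from any to $pptp_srv port 1723 keep state
pass out quick on $ext_if proto tcp from $pptp_srv to any port 1723 keep state

# PPTP data channel: GRE, IP protocol 47 (the "proto 47" in the thread).
# GRE has no port numbers, so the only thing that narrows this rule is the
# address pair; keep state still works for GRE by tracking src/dst addresses.
pass in  quick on $ext_if proto 47 from any to $pptp_srv keep state
pass out quick on $ext_if proto 47 from $pptp_srv to any keep state
```

Narrowing `any` to the PPTP server address is the one tightening over the quoted rules: with `from any to any` on the GRE rule, any GRE traffic crossing the bridge is admitted, not just the tunnel to the server. Load the file with `pfctl -nf /etc/pf.conf` first to syntax-check it before activating it.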