Hi, everyone,

I have a Linux box with ipchains built in it. I used "ipfwd" and "ipmasqadm portfw" to pass through VPN packages. Here are my rules:

    internal VPN server IP = 192.168.0.2
    external IP of firewall = 199.100.20.1
    eth0 = external interface of firewall

    # port forwarding for 1723
    ipmasqadm portfw -a -P tcp -L 199.100.20.1 1723 -R 192.168.0.2 1723

    # redirect protocol 47
    /usr/local/sbin/ipfwd --masq --syslog 192.168.0.2 47 &

I also have ipchains rules set up as below:

    $IPCHAINS -A input -p tcp -s 199.100.20.1/24 -d 0/0 1723 -i eth0 -j ACCEPT
    $IPCHAINS -A input -p udp -s 199.100.20.1/24 -d 0/0 1723 -i eth0 -j ACCEPT
    $IPCHAINS -A input -p 47 -s 199.100.20.1/24 -d 0/0 -i eth0 -j ACCEPT

When I tried to access the VPN server from outside, it seems that the connection got through the firewall and asked for authentication from the VPN server. Here is part of the log dump on the VPN server:

    Sep 25 19:05:29 lemon pptpd[11728]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: local address = 192.168.0.52
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: remote address = 192.168.0.52
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Client 211.120.13.164 control connection started
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Received PPTP Control Message (type: 1)
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Made a START CTRL CONN RPLY packet
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: I wrote 156 bytes to the client.
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Sent packet to client
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Received PPTP Control Message (type: 7)
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Set parameters to 0 maxbps, 16 window size
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Made a OUT CALL RPLY packet
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Starting call (launching pppd, opening GRE)
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: pty_fd = 4
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: tty_fd = 5
    Sep 25 19:05:29 lemon pptpd[11729]: CTRL (PPPD Launcher): Connection speed = 115200
    Sep 25 19:05:29 lemon pptpd[11729]: CTRL (PPPD Launcher): local address = 192.168.0.52
    Sep 25 19:05:29 lemon pptpd[11729]: CTRL (PPPD Launcher): remote address = 192.168.0.52
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: I wrote 32 bytes to the client.
    Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Sent packet to client

But the following came out after about 10 seconds. From Win98, it was a 650 error, which means the package isn't through the firewall successfully.

    Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Received PPTP Control Message (type: 12)
    Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Made a CALL DISCONNECT RPLY packet
    Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Received CALL CLR request (closing call)
    Sep 25 19:05:59 lemon pptpd[11728]: CTRL: I wrote 148 bytes to the client.
    Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Sent packet to client
    Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Error with select(), quitting
    Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Client 211.120.13.164 control connection finished
    Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Exiting now
    Sep 25 19:05:59 lemon pptpd[470]: MGR: Reaped child 11728

I suppose that I need more proper ipchains rules for forward (maybe?). Can anyone help me with this? Appreciate very much.

Alan
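An added example, not part of the original post: a small Python triage script for the pptpd log quoted above. It groups the CTRL lines by process id, names the PPTP control message types received on TCP 1723, and measures how long after call start the client's Call-Clear-Request arrived. The type names follow RFC 2637; the function name `summarize` and the placeholder year are assumptions of this example.

```python
import re
from datetime import datetime

# PPTP control message types that appear in the log (names per RFC 2637).
CTRL_TYPES = {1: "Start-Control-Connection-Request",
              7: "Outgoing-Call-Request",
              12: "Call-Clear-Request"}

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ pptpd\[(\d+)\]: CTRL: (.*)$")
YEAR = "2000"  # assumption: syslog stamps carry no year, so one is supplied

def summarize(lines):
    """Return {pid: summary} for each pptpd control connection in lines."""
    out = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # MGR and PPPD Launcher lines are not needed here
        ts = datetime.strptime(YEAR + " " + m.group(1), "%Y %b %d %H:%M:%S")
        s = out.setdefault(m.group(2), {"client": None, "types": [],
                                        "call_started": None,
                                        "cleared_after_s": None})
        msg = m.group(3)
        if (c := re.match(r"Client (\S+) control connection started", msg)):
            s["client"] = c.group(1)
        elif (t := re.search(r"Control Message \(type: (\d+)\)", msg)):
            num = int(t.group(1))
            s["types"].append(CTRL_TYPES.get(num, f"type {num}"))
            # Seconds between "Starting call" and the client's clear request.
            if num == 12 and s["call_started"]:
                s["cleared_after_s"] = (ts - s["call_started"]).total_seconds()
        elif msg.startswith("Starting call"):
            s["call_started"] = ts
    return out

# Sample input: a subset of the log lines quoted in the post.
SAMPLE = """\
Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Client 211.120.13.164 control connection started
Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Received PPTP Control Message (type: 1)
Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Received PPTP Control Message (type: 7)
Sep 25 19:05:29 lemon pptpd[11728]: CTRL: Starting call (launching pppd, opening GRE)
Sep 25 19:05:29 lemon pptpd[11729]: CTRL (PPPD Launcher): local address = 192.168.0.52
Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Received PPTP Control Message (type: 12)
Sep 25 19:05:59 lemon pptpd[470]: MGR: Reaped child 11728
""".splitlines()

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        print(pid, s["client"], s["types"], s["cleared_after_s"])
```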
