Hello, I investigated the problem further.
Using 2 snoops, one on each ethernet card (public and private), I can see traffic on 1732 started by my internal win machine, then I can see the reply on that port coming to my wan, then to my lan up to the win machine.
After, I just can see packets coming from the remote machine (stated as IP, but probably gre), getting into the firewall and going into the lan up to the win machine.
No packet is going from the win machine on any destination.
Maybe the gre traffic is not correctly natted? Does ipfilter do masquerading on gre?
Gabriele.
-= Mail sent through WebTop2 =-
From: Gabriele Bulfon
To: [email protected]
Date: 10 November 2010 17:02:22 CET
Subject: Confused by pptp and gre, what is the true way to do it?
Hello, I've read around about how to make windows pptp vpn work behind ipfilter, but I've seen a lot of confusion... (to me, at least).
My windows machine is in the LAN, passing through a solaris machine with ipfilter 4.1.9.
What are the general rules to let Windows pass the NAT and run the handshake?
Some talk about proxy / pptp rules mappings, some talk about just opening the ports...
I tried this but it doesn't work:
ipnat:
#NAT rules
map igb1 mylan/24 -> mypubip/32 proxy port ftp ftp/tcp
map igb1 mylan/24 -> mypubip/32 portmap tcp/udp 10000:40000
map igb1 mylan/24 -> mypubip/32
#redirect gre to my windows machine
rdr igb1 mypubip/32 -> winlanip gre
ipf:
#NAT windows machine
pass out quick on igb1 from mywinip/32 to any keep state
#Let gre enter the firewall
pass in quick on igb1 proto gre from any to mypubip/32
#Let gre pass the rdr
pass in quick on igb1 proto gre from any to winlanip/32