Vance:
Hey, I know it's tacky to follow up one's own email,
but I just had time to test this idea on my LAN, using an
echowall firewall on ES2B, with my wife's WinNT IPSec client
and, oh my, it works.
So, I'm now *very* interested if this works for your
PPTP VPN. Thanks!
-Scott
On Fri, 6 Jul 2001, Scott C. Best wrote:
> Vance:
>
> You also forgot to mention how many IP addresses you
> have. :) Okay, I'll assume one. Try this:
>
> 1. PPTP uses GRE packets (protocol 47) and TCP packets (protocol 6)
> to port 1723. The GRE packets are forwarded across your
> firewall with the ipfwd command, the TCP packets use the more
> traditional ipmasqadm command.
>
> 2. Set up the ipfwd and ipmasqadm commands so that they forward to
> a single IP address, but set this IP address to be the broadcast
> address of your LAN. I've no idea if this will work. :)
>
> 3. To make these changes in echowall, edit the two PPTP lines to
> look like this:
>
> OLD
> ---
> #PPTP#$IPMASQADM portfw -a -P tcp -L $IP_EXT 1723 -R $PPTP_HOST 1723
> #PPTP#ipfwd --masq $PPTP_HOST 47 &
> ---
>
> NEW
> ---
> #PPTP#$IPMASQADM portfw -a -P tcp -L $IP_EXT 1723 -R $LAN_BCAST 1723
> #PPTP#ipfwd --masq $LAN_BCAST 47 &
> ---
>
> Where $LAN_BCAST is set to whatever works on your LAN,
> likely something like "192.168.0.255". In fact, this command
> will show you what to set it to:
>
> ip addr show eth1 | awk '/inet / {print $4}'
>
> Again, caveat emptor here: I've no idea if the higher
> layer software will like this, nor am I sure if a windoze box's
> TCP/IP stack will listen to a broadcast packet.
> But...I know a way to find out. :) Good luck!
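The broadcast-forwarding idea in steps 2 and 3 of the quoted mail, worked through as an added example (not code from the thread or from the echowall project): it parses a constructed `ip addr show eth1` output, cross-checks the kernel's `brd` field against the address/prefix, reports how many LAN hosts will receive every forwarded PPTP/GRE packet once the target is the broadcast address, and fills the two echowall lines in. The function names and the sample output are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ip addr show eth1` output (not captured from a real box).
SAMPLE_IP_ADDR = """\
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:ba:11:22:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.254/24 brd 192.168.0.255 scope global eth1
    inet6 fe80::250:baff:fe11:2233/64 scope link
"""

# Only IPv4 lines carry a "brd" field; "inet " (with the space) also skips the
# inet6 line that a plain `grep inet` would match.
INET_RE = re.compile(r"^\s*inet (\S+/\d+) brd (\S+)", re.MULTILINE)


def lan_broadcast(ip_addr_output):
    """Return the LAN broadcast address, cross-checking the kernel's 'brd'
    value against the one implied by the address/prefix."""
    for line in ip_addr_output.splitlines():
        m = INET_RE.match(line)
        if not m:
            continue
        iface = ipaddress.ip_interface(m.group(1))
        reported = ipaddress.ip_address(m.group(2))
        computed = iface.network.broadcast_address
        if reported != computed:
            raise ValueError(f"brd {reported} does not match {iface.network}")
        return str(computed)
    raise ValueError("no IPv4 address with a broadcast on this interface")


def hosts_reached(ip_addr_output):
    """How many LAN hosts see every forwarded packet when the portfw/ipfwd
    target is the broadcast address: every usable address in the subnet."""
    net = ipaddress.ip_network(INET_RE.search(ip_addr_output).group(1), strict=False)
    return net.num_addresses - 2


def echowall_pptp_lines(lan_bcast):
    """Render the two echowall rules from the mail with $LAN_BCAST filled in."""
    return [
        f"#PPTP#$IPMASQADM portfw -a -P tcp -L $IP_EXT 1723 -R {lan_bcast} 1723",
        f"#PPTP#ipfwd --masq {lan_bcast} 47 &",
    ]


if __name__ == "__main__":
    bcast = lan_broadcast(SAMPLE_IP_ADDR)
    print(f"LAN_BCAST={bcast} (reaches {hosts_reached(SAMPLE_IP_ADDR)} hosts)")
    print("\n".join(echowall_pptp_lines(bcast)))
```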
_______________________________________________
Leaf-user mailing list
http://lists.sourceforge.net/lists/listinfo/leaf-user