I looked at echowall.lrp and from it I gathered that I should add the rules:

$IPCH -A input -s 0/0 -d 207.202.240.236/32 1723 -p tcp -l -j ACCEPT
$IPCH -A input -s 0/0 -d 207.202.240.236/32 -p 47 -j ACCEPT
$IPMASQADM portfw -a -P tcp -L 207.202.240.236 1723 -R 192.168.1.7 1723
ipfwd --masq 192.168.1.7 47 &

to /etc/ipfilter.conf(?). 207.202.240.236 is my external IP (or should I use eth0?). I want to avoid using another package (echowall) for firewalling to prevent any more confusion on my part. I just want to pass TCP/1723 and GRE to 192.168.1.7 from the external interface. Will it work with the way I have it set up?

-Scott

-----Original Message-----
From: Scott C. Best [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 18, 2002 3:04 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] PPTP forward IN through Dachstein CD firewall?

Scott:

Heya. Yes, you can port-forward a PPTP VPN connection pretty easily thru a Dachstein firewall. It comes with a "VPN enabled" kernel, so all you'll need to do is to uncomment the pptp masq module in /etc/modules (the line which reads ip_masq_pptp), and tweak your firewall rules. Backup etc, reboot, and you should be good to go.

As for the firewall part, have a look in the echowall.lrp package. There's a section in echowall.rules that's devoted to PPTP. You can either use it with the echowall package, or cut&paste it into whatever DCD firewall you're most comfortable with.

Hope this helps!

-Scott

> Is it possible to route GRE (protocol 47) to an internal VPN server? I have
> a Dachstein CD firewall (1.0.2) at the entry point into my network and a
> win2k pdc which accepts VPN connections. Thanks for any help.
>
> -Scott

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
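
An added example, not part of the original thread: a shell check that the setup discussed above is complete before rebooting, i.e. that ip_masq_pptp is uncommented in the modules file and that the rules file both accepts and forwards TCP/1723 and protocol 47. The function names, the '#' comment convention and the one-rule-per-line layout are assumptions; the sample rules are the ones quoted in the question.

```shell
#!/bin/sh
# Added example: pre-reboot check for PPTP forwarding (tcp/1723 + protocol 47).
# Assumes '#' comments and one rule per line in both files.

# has_line FILE PATTERN...: true if one non-comment line matches every ERE pattern.
has_line() {
    f=$1; shift
    lines=$(grep -Ev '^[[:space:]]*(#|$)' "$f") || return 1
    for pat in "$@"; do
        lines=$(printf '%s\n' "$lines" | grep -E -e "$pat") || return 1
    done
}

# check_pptp_forward MODULES RULES EXT_IP INT_IP
# Prints each missing piece and returns how many are missing (0 = complete).
check_pptp_forward() {
    ext=$(printf '%s' "$3" | sed 's/\./\\./g')   # escape dots for regex use
    int=$(printf '%s' "$4" | sed 's/\./\\./g')
    missing=0
    note() { echo "missing: $1"; missing=$((missing + 1)); }
    has_line "$1" '^[[:space:]]*ip_masq_pptp([[:space:]]|$)' ||
        note "ip_masq_pptp is not uncommented in $1"
    has_line "$2" '-A input' "-d $ext(/32)? +1723( |\$)" '-p tcp' '-j ACCEPT' ||
        note "input ACCEPT for tcp/1723 to $3"
    has_line "$2" '-A input' "-d $ext(/32)?( +-|\$)" '-p (47|gre)( |$)' '-j ACCEPT' ||
        note "input ACCEPT for protocol 47 (GRE) to $3"
    has_line "$2" 'portfw -a' '-P tcp' "-L $ext 1723 " "-R $int 1723( |\$)" ||
        note "portfw of tcp/1723 from $3 to $4"
    has_line "$2" 'ipfwd ' "--masq $int 47( |\$)" ||
        note "ipfwd of protocol 47 to $4"
    return "$missing"
}

# Constructed sample: the four rules from the question, one per line.
write_sample_rules() {
    printf '%s\n' \
      '$IPCH -A input -s 0/0 -d 207.202.240.236/32 1723 -p tcp -l -j ACCEPT' \
      '$IPCH -A input -s 0/0 -d 207.202.240.236/32 -p 47 -j ACCEPT' \
      '$IPMASQADM portfw -a -P tcp -L 207.202.240.236 1723 -R 192.168.1.7 1723' \
      'ipfwd --masq 192.168.1.7 47 &'
}

# Run against real files when given: MODULES RULES EXT_IP INT_IP
if [ $# -eq 4 ]; then check_pptp_forward "$@"; fi
```

Invoked with four arguments (modules file, rules file, external IP, internal IP) it checks real files; the exit status is the number of missing pieces.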
