Hi Scott and others, I'm still looking at Oxygen and Dachstein. Oxygen looks really good but it's setup didn't work well for me, and have only just looked at dachstein. But let me explain what I have been doing till now.
I have a 2.9.8 LRP and I have 3 ip addresses bound to my external interface. I just added this to network.conf and it works great: IF0_IFNAME=eth0 IF0_IPADDR=208.x.x.197 IF0_NETMASK=255.255.254.0 IF0_BROADCAST=208.181.73.255 IF0_IP_SPOOF=YES IF1_IFNAME=eth1 IF1_IPADDR=192.168.73.1 IF1_NETMASK=255.255.255.0 IF1_BROADCAST=192.168.73.255 IF1_IP_SPOOF=YES IF2_IFNAME=eth0:0 IF2_IPADDR=208.x.x.196 IF2_NETMASK=$IF0_NETMASK IF2_BROADCAST=$IF0_BROADCAST IF2_IP_SPOOF=YES IF3_IFNAME=eth0:1 ... Then I call my own firewall script from network_direct.conf using ipchains and also forward to three boxes behind. Since I run a couple of mail servers, the flexibility of NAT is very practical. Looking at dachstein network.conf, I think I might be a able to accomplish the same without my script, but I am willing to work with or without it. In any case though I am not sure how to go about the 3 ip's on eth0 in dachstein. Once I get that going I can start on the pptp stuff. Any suggestions much appreciated. Thanks, Boyd -----Original Message----- From: Scott C. Best [mailto:[EMAIL PROTECTED]] Sent: March 4, 2002 6:18 PM To: Boyd Kelly Subject: RE: [Leaf-user] forwarding Protocal 47(gre) on Eigerstein LRP Boyd: Heya. You may be right: Oxygen is a great platform, but Dachstein is a better out-of-the-box solution. -Scott On Mon, 4 Mar 2002, Boyd Kelly wrote: > Thanks Scott, > > I've been fiddling around with the Oxygen version today. Seems like > the Dachstein will be a better bet for what I want to do. > > Will try it out tomorrow. > > Boyd > > -----Original Message----- > From: Scott C. Best [mailto:[EMAIL PROTECTED]] > Sent: March 4, 2002 10:42 AM > To: Lonnie Cumberland > Cc: [EMAIL PROTECTED]; Boyd Kelly > Subject: Re: [Leaf-user] forwarding Protocal 47(gre) on Eigerstein LRP > > > Lonnie, Boyd: > > Ah, serendipity. :) One email, two answers... > > To get a PPTP-based VPN client working from behind a LEAF/LRP disk, > you need to do four things (none of which is to search the email > archives, though that works too ;): > > 1. Be sure to be using a "VPN enabled kernel". Dachstein has > this by default. Earlier stuff, including 2.9.8, doesn't. > See Charles' page for the kernels. If you install a new > one, *always* install with it the associated modules. > > 2. Load the PPTP masq module: uncomment its line in /etc/modules, > backup, reboot. > > 3. Goof the firewall rules to allow protocol 47 and port 1723 > in. > > 4. Use the "ipfwd" utility (ships by default) to forward the > GRE (protocol 47) packets across the firewall. > > > As you'd expect, steps 3 & 4 are done for you automagically using the > echoWall package. > Hope this helps! > > -Scott > > > On Sun, 3 Mar 2002, Lonnie Cumberland wrote: > > > Hello, > > > > Could you please tell me how to prot forward this protocal 47 on my > > Eigerstein LRP box? > > > > I know how to forward regular ports coming in to a server behind the > > firewall, but I do not know about htis protocal 47 (gre) > > > > Thanks, > > Lonnie > > _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
