Dustin,

This was my setup and it worked! Hope this helps.
Watch out, these are indexed variables!!! Change them!!!

#EXTERN_TCP_PORT4="0/0 1723 192.168.1.24/32"   #Microsoft PPTP
#EXTERN_PROTO0="47 0/0 192.168.1.24/32"        #GRE
INTERN_PPTP_SERVER=192.168.1.xx   # Internal M$ PPTP server to make available
#INTERN_SERVER2="tcp ${EXTERN_IP} 1723 ${INTERN_PPTP_SERVER} 1723"

Sergio

> -----Original Message-----
> From: Dustin Reiner [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 12, 2002 15:48
> To: Scott C. Best; [EMAIL PROTECTED]
> Subject: RE: [Leaf-user] VPN behind Dachstein
>
>
> Yes, I have allowed both port 47 and port 1723 with:
> EXTERN_PROTO0="47 vpnserverip/32"
> EXTERN_PROTO1="1723 vpnserverip/32"
>
> I have forwarded pptp traffic to the vpn server with:
> ipmasqadm portfw -a -P tcp -L externalip 1723 -R vpnserverip 1723
>
> and I have allowed GRE tunneling with:
>
> ipfwd --masq vpnserverip 47 &
>
> but I still cannot connect. The firewall rules shown in Weblet regarding
> pptp are below. Do these look right? If someone could summarize the steps
> to do this, to make sure I didn't miss anything, it would be greatly
> appreciated.
>
> Thanks,
> Dustin
>
> 0 0 ACCEPT 47 ------ 0xFF 0x00 eth0 vpnserverip externalip n/a
> 0 0 ACCEPT 1723 ------ 0xFF 0x00 eth0 vpnserverip externalip n/a
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Scott C. Best
> Sent: Friday, April 12, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Leaf-user] VPN behind Dachstein
>
>
> Dustin:
>
> Heya. Just a quick check to see if you've told your
> firewall to allow those protocol=47 packets to come through.
> You got the TCP port=1723 ones for PPTP right, but there's
> two pieces to it.
>
> -Scott
>
> > Hello,
> >
> > I am attempting to replace a 2.9.4 based firewall with Dachstein. The
> > current firewall forwards VPN traffic to a server behind itself. I have
> > set up the new server with the following entries in network.conf, but I
> > have apparently missed something because I can't connect. If anyone can
> > help, I would appreciate it.
> >
> > Thanks,
> > Dustin
> >
> > -snip-
> > # TCP services open to outside world
> > # Space separated list: srcip/mask_dstport
> > #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> > EXTERN_TCP_PORTS="0/0_vpn"
> > -snip-
> > # Advanced settings: parameters passed directly to portfw and autofw
> > # Indexed list: "<ipmasqadm portfw options>"
> > #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> > #INTERN_SERVER1=""
> > INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
> > -snip-
> >
> > I have also added the vpn service to /etc/services as:
> >
> > vpn 1723/tcp #vpn traffic
> >
> > and am running ipfwd as:
> >
> > /usr/sbin/ipfwd --masq vpnserverip 47 &
> >
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
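
The "two pieces" check Scott describes (TCP port 1723 plus IP protocol 47), as an added example that is not part of the original thread and not LEAF/Dachstein code. It lints network.conf text using only the variable shapes quoted above; `parse`, `check_pptp` and the sample configs are hypothetical and constructed for illustration.

```python
import re

# Uncommented assignments such as EXTERN_PROTO0="47 0/0 192.0.2.10/32"
ASSIGN = re.compile(r'^\s*([A-Z_]+)(\d*)\s*=\s*"?([^"#]*)')

def parse(conf_text):
    """Return (name, index, fields) for each uncommented assignment."""
    return [(m.group(1), m.group(2), m.group(3).split())
            for m in map(ASSIGN.match, conf_text.splitlines()) if m]

def check_pptp(conf_text):
    """Return findings; an empty list means both PPTP pieces are present."""
    findings, gre, tcp_open, fwd = [], False, False, False
    for name, idx, f in parse(conf_text):
        if not f:
            continue
        if name == "EXTERN_PROTO":
            if f[0] == "47":
                gre = True          # GRE is IP protocol 47, not a port
            elif f[0].isdigit() and int(f[0]) > 255:
                # The IP protocol field is 8 bits, so this is a port number
                findings.append(f"{name}{idx}: {f[0]} is not an IP protocol number")
        elif name in ("EXTERN_TCP_PORT", "EXTERN_TCP_PORTS"):
            # Numeric ports only; names from /etc/services are not resolved
            tcp_open |= any(re.search(r"(^|_)1723$", x) for x in f)
        elif name == "INTERN_SERVER":
            fwd |= "tcp" in f and "1723" in f
    if not gre:
        findings.append("no EXTERN_PROTOn entry admits IP protocol 47 (GRE)")
    if not tcp_open:
        findings.append("no EXTERN_TCP_PORT entry opens TCP port 1723")
    if not fwd:
        findings.append("no INTERN_SERVERn entry forwards TCP port 1723")
    return findings

# Constructed samples; addresses are documentation/placeholder values
GOOD = '''
EXTERN_TCP_PORT4="0/0 1723 192.0.2.10/32"
EXTERN_PROTO0="47 0/0 192.0.2.10/32"
INTERN_SERVER2="tcp ${EXTERN_IP} 1723 ${INTERN_PPTP_SERVER} 1723"
'''
BAD = '''
EXTERN_PROTO0="47 0/0 192.0.2.10/32"
EXTERN_PROTO1="1723 0/0 192.0.2.10/32"
INTERN_SERVER0="-a -P tcp -L 198.51.100.1 1723 -R 192.0.2.10 1723"
'''

if __name__ == "__main__":
    for label, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_pptp(conf) or "ok")
```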