Dustin,

This was my setup and it worked!
Hope this helps.
Watch out, these are indexed variables!!! Change them!!!

#EXTERN_TCP_PORT4="0/0 1723 192.168.1.24/32"    #Microsoft PPTP
#EXTERN_PROTO0="47 0/0 192.168.1.24/32"         #GRE
INTERN_PPTP_SERVER=192.168.1.xx # Internal M$ PPTP server to make available
#INTERN_SERVER2="tcp ${EXTERN_IP} 1723 ${INTERN_PPTP_SERVER} 1723"

Sergio

> -----Original Message-----
> From: Dustin Reiner [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 12, 2002 15:48
> To: Scott C. Best; [EMAIL PROTECTED]
> Subject: RE: [Leaf-user] VPN behind Dachstein
> 
> 
> Yes, I have allowed both port 47 and port 1723 with:
> EXTERN_PROTO0="47 vpnserverip/32"
> EXTERN_PROTO1="1723 vpnserverip/32"
> 
> I have forwarded pptp traffic to the vpn server with:
> ipmasqadm portfw -a -P tcp -L externalip 1723 -R vpnserverip 1723
> 
> and I have allowed GRE tunneling with:
> 
> ipfwd --masq vpnserverip 47 &
> 
> but I still cannot connect.  The firewall rules shown in Weblet regarding
> pptp are below.  Do these look right?  If someone could summarize the steps
> to do this, to make sure I didn't miss anything, it would be greatly
> appreciated.
> 
> Thanks,
> Dustin
> 
> 0     0 ACCEPT     47   ------ 0xFF 0x00  eth0  vpnserverip           externalip       n/a
> 0     0 ACCEPT     1723 ------ 0xFF 0x00  eth0  vpnserverip           externalip       n/a
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Scott C. Best
> Sent: Friday, April 12, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Leaf-user] VPN behind Dachstein
> 
> 
> Dustin:
> 
>       Heya. Just a quick check to see if you've told your
> firewall to allow those protocol=47 packets to come through.
> You got the TCP port=1723 ones for PPTP right, but there's
> two pieces to it.
> 
> -Scott
> 
> > Hello,
> >
> >    I am attempting to replace a 2.9.4 based firewall with Dachstein.  The
> > current firewall forwards VPN traffic to a server behind itself.  I have
> > setup the new server with the following entries in network.conf, but I have
> > apparently missed something because I can't connect.  If anyone can help, I
> > would appreciate it.
> >
> > Thanks,
> > Dustin
> >
> > -snip-
> > # TCP services open to outside world
> > # Space seperated list: srcip/mask_dstport
> > #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> > EXTERN_TCP_PORTS="0/0_vpn"
> > -snip-
> > # Advanced settings: parameters passed directly to portfw and autofw
> > # Indexed list: "<ipmasqadm portfw options>"
> > #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> > #INTERN_SERVER1=""
> > INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
> > -snip-
> >
> > I have also added the vpn service to /etc/services as:
> >
> > vpn         1723/tcp        #vpn traffic
> >
> > and am running ipfwd as:
> >
> > /usr/sbin/ipfwd --masq vpnserverip 47 &
> 
> 
> 
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
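
Added example, not part of the original messages or of the LEAF project's scripts: a small shell lint for the two pieces Scott mentions, TCP port 1723 and IP protocol 47 (GRE). It assumes the variable layouts quoted in this thread (the first field of `EXTERN_PROTOn` is the IP protocol number, and `vpn` is the /etc/services name for 1723/tcp); the function name `check_pptp_conf` and the 192.0.2.10 sample address are hypothetical.

```shell
# check_pptp_conf: read network.conf-style lines on stdin and report whether
# both halves of PPTP pass-through are open. Prints one finding per line and
# returns non-zero if anything is wrong. Commented-out (#) lines are ignored.
check_pptp_conf() {
    local line val first have_gre=0 have_tcp=0 rc=0
    while IFS= read -r line; do
        val=${line#*=}; val=${val#\"}; val=${val%%\"*}   # text between the quotes
        case "$line" in
            EXTERN_PROTO[0-9]*=*)
                first=${val%% *}                         # assumed: protocol number
                case "$first" in
                    ''|*[!0-9]*) ;;                      # not numeric: ignore
                    *)  if [ "$first" -gt 255 ]; then
                            # The IP protocol field is 8 bits, so a value like
                            # 1723 is a TCP port placed in a protocol rule.
                            echo "BAD_PROTO $first"; rc=1
                        elif [ "$first" -eq 47 ]; then
                            have_gre=1                   # GRE data channel
                        fi ;;
                esac ;;
            EXTERN_TCP_PORT*=*)
                # Matches the indexed form "src 1723 dst" and the list form
                # "src_1723" / "src_vpn" (vpn = 1723/tcp per the thread).
                case " $val " in
                    *" 1723 "*|*"_1723 "*|*"_vpn "*) have_tcp=1 ;;
                esac ;;
        esac
    done
    [ "$have_gre" -eq 1 ] || { echo "MISSING_GRE"; rc=1; }
    [ "$have_tcp" -eq 1 ] || { echo "MISSING_TCP_1723"; rc=1; }
    return "$rc"
}

# Constructed sample modelled on the settings quoted in the thread.
sample='EXTERN_PROTO0="47 192.0.2.10/32"
EXTERN_PROTO1="1723 192.0.2.10/32"'
printf '%s\n' "$sample" | check_pptp_conf || true
```
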
