On Thursday 25 April 2002 22:09, Morgan Reed wrote:
> Scott,
>
> A quick follow-up question regarding allowing protocol 47 packets
> through, I attempted to manually set the IPCHAINS rules just to do a
> quick test, and this is what I got:
>
> firewall: -root-
> # ipchains -A input -s 0/0 -d 0/0 1723 -p tcp -l -j ACCEPT
>
> firewall: -root-
> # ipchains -A input -s 0/0 -d 0/0 1723 -p 47 -j ACCEPT
> ipchains: can only specify ports for icmp, tcp or udp
> Try `ipchains -h' or 'ipchains --help' for more information.
>
> I am not trying to port forward anything at this point, I want to be
> able to allow any machine on my home network to connect to a VPN
> machine at a client.  So no ipmasqadm portfw.
>
> I uncommented the PPTP module and this is reflected in my log:
>
> Apr 25 10:55:35 firewall kernel: ip_masq_gre(): creating GRE masq for
> 192.168.1.3 -> 205.158.144.234 CID=43E6 MCID=10EA
> Apr 25 10:55:35 firewall kernel: Packet log: input DENY eth0 PROTO=47
> 205.158.144.234:65535 68.49.250.48:65535 L=93 S=0x00 I=62911 F=0x0000
> T=116 (#41)
> <snipped more of the same>
>
> But clearly it is viewing protocol 47 packets as junk and denying
> them.
>
> What step(s) am I missing?

For PPTP, in network.conf, allow protocol 47. You will need to load the
slhc and ppp modules, and also the pptpd package from Sandro Minola (in
the LEAF developer content directory).

Do not load the pptp module unless you are port forwarding the
connection through the firewall. 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
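
Reading the denied entries in the log quoted above, as an added example that is not part of the original thread: this shell/awk helper groups ipchains `Packet log` lines by verdict, protocol and matching rule number (the `(#41)` suffix), so the rule that is dropping GRE can be identified. The function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): group ipchains "Packet log" entries
# by verdict, chain, interface, protocol, endpoints and matching rule number.

# Sample input. Line 1 is the entry quoted in the message, joined onto one
# line; lines 2 and 3 are constructed for illustration.
sample_log() {
cat <<'EOF'
Apr 25 10:55:35 firewall kernel: Packet log: input DENY eth0 PROTO=47 205.158.144.234:65535 68.49.250.48:65535 L=93 S=0x00 I=62911 F=0x0000 T=116 (#41)
Apr 25 10:55:36 firewall kernel: Packet log: input DENY eth0 PROTO=47 205.158.144.234:65535 68.49.250.48:65535 L=61 S=0x00 I=62912 F=0x0000 T=116 (#41)
Apr 25 10:55:37 firewall kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.10:1031 198.51.100.7:1723 L=48 S=0x00 I=100 F=0x4000 T=64 (#12)
EOF
}

summarise_packet_log() {
    awk '
    function proto_name(n) {
        if (n == 1)  return "icmp"
        if (n == 6)  return "tcp"
        if (n == 17) return "udp"
        if (n == 47) return "gre"
        return "proto-" n
    }
    {
        # Fields after the "Packet log:" marker are positional.
        for (i = 1; i < NF; i++)
            if ($i == "Packet" && $(i + 1) == "log:") break
        if (i + 7 > NF) next              # marker missing or entry truncated
        chain = $(i + 2); verdict = $(i + 3); iface = $(i + 4)
        proto = $(i + 5); sub(/^PROTO=/, "", proto); proto += 0
        # Drop the port suffix: GRE has no ports (the log shows 65535).
        src = $(i + 6); sub(/:[0-9]+$/, "", src)
        dst = $(i + 7); sub(/:[0-9]+$/, "", dst)
        rule = $NF; gsub(/[()#]/, "", rule)   # "(#41)" -> 41
        key = verdict " " chain " " iface " " proto_name(proto) " " src "->" dst " rule=" rule
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Rule numbers that are denying GRE (protocol 47) traffic.
denied_gre_rules() {
    summarise_packet_log | awk '$2 == "DENY" && $5 == "gre" { print $NF }' | sort -u
}

sample_log | summarise_packet_log
```

To use it on a real system, pipe the firewall's kernel log into `summarise_packet_log` in place of `sample_log`.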
