On Mon, 2003-12-08 at 09:59, Troy Aden wrote:
> One more quick question.
>
> We are running a PPTP server behind shorewall.
> The default policy is
> Loc net DROP
>
> The rules are :
> #Inbound VPN
> DNAT net loc:{local PPTP server} tcp 1723
> DNAT net loc:{local PPTP server} 47 -
>
> #Outbound VPN
>
> ACCEPT loc net tcp 1723
> ACCEPT loc net 47 -
>
> The problem is that I have a user that is logged into our VPN from a remote
> site. This user then came into work and is attempting to connect back into
> his system at the remote location. The firewall is blocking him from doing
> this.
> Here is a snip from the logs.
>
> loc2net DROP eth1 eth0 24.78.108.194 24.81.104.187 ICMP (OS fingerprint)
>
> Can anyone tell me if there is a way to allow this user to connect to his
> system from our network?
>

You would need to install the PPTP connection tracking and NAT support
from Netfilter Patch-O-Matic. Without that support, you can only have a
single active PPTP tunnel to any given remote system.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html