hi!
On Mon, Nov 19, 2007 at 11:24:59AM -0600, Beavis wrote:
> hi folks,
>
> any pf folks available? I'm trying to run multiple pptp
> connections behind my 2 PF/carp firewalls. i was only successful to
> pass just 1 client and the rest gets denied for some weird reason. my
> pf.conf is below
>
>
> nat on $exT_if inet from any to any -> $ext_if
>
> block in all
> block out all
>
> pass in quick on $int_if inet proto { tcp, udp } from any to any port 1723
> pass in inet proto gre from any to any
> pass out inet proto gre from any to any
>
> am I missing some other config to let the rest go out?
>
>
> any comments would be awesomely appreciated.
>
pptp does not work with NAT, you need a proxy application to assist pf
in handling multiple pptp sessions.
the only existing pptp proxy that i know about is the "frickin pptp
proxy" (http://frickin.sourceforge.net/) but you shouldn't use this
proxy. you have been warned.
reyk
