Post your rule set.

Chris Willis wrote:
> Ok, this is not a PPTP connection from the internet TO a box on the
> internal LAN.
>
> This is a problem with making a PPTP connection from the internal LAN
> to any PPTP server out on the internet.
>
> Thus, TCP 1723 and GRE are not the issue. I am passing ALL from the
> internal LAN to the internet.
>
> I used FWBuilder to create the policy for the FreeBSD box. When I
> install Linux 2.6 in place of the FreeBSD box, and use the exact same
> FWBuilder ruleset, then outbound PPTP works great.
>
> Any other thoughts?
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Melameth, Daniel D.
> Sent: Saturday, March 11, 2006 12:27 AM
> To: pf@benzedrine.cx
> Subject: RE: Solution Request: I need to initiate outbound PPTP requests thru FreeBSD firewall
>
> Chris Willis wrote:
> > I have set up a FreeBSD box running PF for a client. It is the
> > 'firewall' for their internal LAN.
> >
> > I cannot make an outbound VPN connection from their LAN to any
> > other Microsoft PPTP VPN server.
> >
> > The VPN connections work fine from any machine that plugs in to the
> > hub in FRONT of the firewall (static public IP), but that obviously
> > isn't the solution.
> >
> > What changes need to be made to the ruleset to allow outbound PPTP
> > connections? Here is the existing NAT rule I thought might work
> > based on browsing the Archives:
> >
> > nat on fxp0 proto udp from 172.16.0.0/16 port = 500 to any -> 206.135.37.226 port 500
> >
> > But it didn't help at all. I put that rule both in front of, and
> > behind, the regular NAT rule for outbound network traffic.
>
> I hate to say it Chris, but have you bothered to even find out what
> ports/protocols PPTP actually uses? Perhaps TCP 1723 and GRE?