Re: GRE, VPN and suchlike
It was so simple ! Just use [iptables] ipchains to setup the rules and we have a nice passthrough ! THANKS a lot, everything works perfectly now ! Greg > Hi Gregiore, > > Gregoire Hostettler wrote: > > Thank you, Brendan, > > > > This is a good starting point. > > > > But will this package implement GRE (port 47) ? Just because I need to > > install the Linmux box as a firewall. > > In fact it is already a fw. What I need is just to make VPN encapsulated > > packets to go through the firewall to the VPN server which is located > > in the inside LAN. > > If all you want to do is forward PPTP packets to an internal (public IP) > PPTP VPN server that's easy. Under kernel 2.4: > > # For the initial PPTP authentication > iptables -A INPUT -p TCP -s --dport 1723 -j ACCEPT > iptables -A INPUT -p TCP -d --sport 1723 -j ACCEPT > > # Then for forwarding GRE > iptables -A INPUT -p 47 -s -j ACCEPT > iptables -A INPUT -p 47 -d -j ACCEPT > > If you want to masquerade PPTP packets to an internal (private IP) PPTP > server then read this howto: > > http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html > > However, this only covers kernels 2.0 and 2.2. I haven't tried doing > this under 2.4 yet. > > > > > And do I need samba ? I want to keep my Debian fw with as few daemons as > > possible, as you can guess ;-) > > > > You only need Samba if you want to provide Windows file and printer > sharing on the firewall itself. PPTP does not require Samba. > > > Anyway THANK YOU for your help ! > > No problems. Hope this helps! > > Brendan > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Newbie from NT: exim problem NOT SOLVED
Hi everybody! Back with the same problem. exim is running correctly for incoming mail. 3 days ago, suddently, with no *apparent* reason it stopped sending mails with this message: 550 relaying to <[EMAIL PROTECTED]> prohibited by administrator (failed to find host name from IP address) I have then set up BIND and resolv.conf. The error message have changed. It now says: 550 relaying to <[EMAIL PROTECTED]> prohibited by administrator (failed to find host name from IP address) That means that at least DNS is working, but e-mails are still stucked in. I guess there is an error _somewhere_ in my exim.conf file. Where should I look at first ? TYIA for any clue. Caracal - G. Hostettler6, ch. du Raidillon1522 Lucens Tél: 079 342 97 66 e-mail travaux généraux : [EMAIL PROTECTED]e-mail travaux webmaster : [EMAIL PROTECTED]e-mail personnel : [EMAIL PROTECTED]
Newbie from NT: exim problem NOT SOLVED
Hi everybody! Back with the same problem. exim is running correctly for incoming mail. 3 days ago, suddently, with no *apparent* reason it stopped sending mails with this message: 550 relaying to <[EMAIL PROTECTED]> prohibited by administrator (failed to find host name from IP address) I have then set up BIND and resolv.conf. The error message have changed. It now says: 550 relaying to <[EMAIL PROTECTED]> prohibited by administrator (failed to find host name from IP address) That means that at least DNS is working, but e-mails are still stucked in. I guess there is an error _somewhere_ in my exim.conf file. Where should I look at first ? TYIA for any clue. Caracal - G. Hostettler6, ch. du Raidillon1522 Lucens Tél: 079 342 97 66 e-mail travaux généraux : [EMAIL PROTECTED]e-mail travaux webmaster : [EMAIL PROTECTED]e-mail personnel : [EMAIL PROTECTED]
Newbie from NT exim question
Hi! My brand-new exim on potato kernel 2.2.13 used to work perfectly for some days. Just before (what a chance!) to go production, it stopped working on outgoing e-mails, with this nasty message: '550 relaying to <[EMAIL PROTECTED]> prohibited by administrator (failed to find host name from IP address)', Port : 25, Sécurisé (SSL) : Non, Erreur de serveur : 550, Numéro d'erreur : 0x800CCC79 I guess it is maybe related to DNS. My simple problem is "where in the hell do I specify the DNS primary and secondary IP addresses under Debian Linux ?" Yes, with Windoze NT, it was quite straightforward, either on the DHCP server, or, for statically addressed servers, just go to this DNS tab under protocols under NW neighborhood. Just a kind of knowing where it is. Guess the same under Linux. I tried to tweak exim.conf, adding a couple of sites under "relay_domains". All e-mails for these two sites are going out perfectly, as exim does not try to get thier IPs from their names. That seems to indicate one more time a DNS problem. Do I have to change anything in host_accept_relay (which is actually localhost which points in the hosts file to 127.0.0.1). Should it be instead of the loopback, the real address of the mail server ???). The token relay-domains_include_locale_mx=true is commented out, and host_lookup is set to *. Any help greatly appreciated! Caracal - G. Hostettler6, ch. du Raidillon1522 Lucens Tél: 079 342 97 66 e-mail travaux généraux : [EMAIL PROTECTED]e-mail travaux webmaster : [EMAIL PROTECTED]e-mail personnel : [EMAIL PROTECTED]
Newbie from NT exim question
Hi! My brand-new exim on potato kernel 2.2.13 used to work perfectly for some days. Just before (what a chance!) to go production, it stopped working on outgoing e-mails, with this nasty message: '550 relaying to <[EMAIL PROTECTED]> prohibited by administrator (failed to find host name from IP address)', Port : 25, Sécurisé (SSL) : Non, Erreur de serveur : 550, Numéro d'erreur : 0x800CCC79 I guess it is maybe related to DNS. My simple problem is "where in the hell do I specify the DNS primary and secondary IP addresses under Debian Linux ?" Yes, with Windoze NT, it was quite straightforward, either on the DHCP server, or, for statically addressed servers, just go to this DNS tab under protocols under NW neighborhood. Just a kind of knowing where it is. Guess the same under Linux. I tried to tweak exim.conf, adding a couple of sites under "relay_domains". All e-mails for these two sites are going out perfectly, as exim does not try to get thier IPs from their names. That seems to indicate one more time a DNS problem. Do I have to change anything in host_accept_relay (which is actually localhost which points in the hosts file to 127.0.0.1). Should it be instead of the loopback, the real address of the mail server ???). The token relay-domains_include_locale_mx=true is commented out, and host_lookup is set to *. Any help greatly appreciated! Caracal - G. Hostettler6, ch. du Raidillon1522 Lucens Tél: 079 342 97 66 e-mail travaux généraux : [EMAIL PROTECTED]e-mail travaux webmaster : [EMAIL PROTECTED]e-mail personnel : [EMAIL PROTECTED]
