>Does the PPTP server have a real IP address, or is there some sort of >NAT/DNAT/SNAT being done by the firewall? > The PPTP server doesn't have a real IP, part of the problem for me is trying to get the DNAT/SNAT rules working properly. As I understand it, I need to DNAT all GRE traffic to the PPTP server and SNAT it back again, but I can't quite figure out the rules.
>What do you see with a tcpdump on the firewall, and does the server's ConfReq >actually make it to the client at all? > The tcpdump shows packets being sent into both sides of the firewall, but never coming out of it. This quite clearlt indicates that my GRE forwarding rules are wrong, but I can't figure out what the right ones are. >Can the PPTP server ping the client? > The server can ping the client IP fine, the firewall seems to work correctly for everything other than the GRE packets. >Have you explicitly allowed GRE traffic through the firewall? > I'm trying, but I think that's what I've got wrong. If you could give me some example rules that would do this, that'd be really appreciated. Thanks for the help. >t >-- >GPG : http://n12turbo.com/tarragon/public.key > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >