On Thursday 25 April 2002 22:09, Morgan Reed wrote:
> Scott,
>
> A quick follow-up question regarding allowing protocol 47 packets
> though, I attempted to manually set the IPCHAINS rules just to do a
> quick test, and this is what I got:
>
> firewall: -root-
> # ipchains -A input -s 0/0 -d 0/0 17
Morgan:
Heya. I think you're doing two things incorrectly. First,
you're using "iphains -A input ..." which means to Append the rule
at the end of the input chain. So, it may be appendning it after
rule #41 which is blocking it. You need either use -I to Insert
the rule earlier in the cha
Behalf Of Chad Carr
Sent: Fri, 26 Apr 2002 13:47 PM
To: Morgan Reed
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN behind Dachstein
On Thu, 25 Apr 2002 23:09:38 -0400
"Morgan Reed" <[EMAIL PROTECTED]> wrote:
> Scott,
>
> A quick
On Thu, 25 Apr 2002 23:09:38 -0400
"Morgan Reed" <[EMAIL PROTECTED]> wrote:
> Scott,
>
> A quick follow-up question regarding allowing protocol 47 packets
> though, I attempted to manually set the IPCHAINS rules just to do a
> quick test, and this is what I got:
>
> firewall: -root-
> # ipchain
Scott,
A quick follow-up question regarding allowing protocol 47 packets though, I
attempted to manually set the IPCHAINS rules just to do a quick test, and
this is what I got:
firewall: -root-
# ipchains -A input -s 0/0 -d 0/0 1723 -p tcp -l -j ACCEPT
firewall: -root-
# ipchains -A input -s 0/
PPTP server to make available
#INTERN_SERVER2="tcp ${EXTERN_IP} 1723 ${INTERN_PPTP_SERVER} 1723"
Sergio
> -Mensaje original-
> De: Dustin Reiner [mailto:[EMAIL PROTECTED]]
> Enviado el: Friday, April 12, 2002 15:48
> Para: Scott C. Best; [EMAIL PROTECTED]
>
>
> 0 0 ACCEPT 47 -- 0xFF 0x00 eth0
> vpnserverip externalip n/a
> 0 0 ACCEPT 1723 -- 0xFF 0x00 eth0
> vpnserverip externalip n/a
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
l 12, 2002 2:30 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN behind Dachstein
Dustin:
Heya. Just a quick check to see if you've told your
firewall to allow those protocol=47 packets to come through.
You got the TCP port=1723 ones for PPTP right, but
Dustin:
Heya. Just a quick check to see if you've told your
firewall to allow those protocol=47 packets to come through.
You got the TCP port=1723 ones for PPTP right, but there's
two pieces to it.
-Scott
> Hello,
>
>I am attempting to replace a 2.9.4 based firewall with Dachstein.
> In regards to:
> -snip-
> Oh...you also have to let the VPN protocol packets through the
> firewall...it's not clear if you're doing this from the above. ie:
> EXTERN_PROTO0="47 vpnserverip/32"
> -snip-
>
> Would I have to also do this for port 1723?
It's probably good practice, but the defaul
e-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 11:43 AM
To: Dustin Reiner; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN behind Dachstein
>I am attempting to replace a 2.9.4 based firewall with Dachstein. The
> current firewall forwards VPN traffic
>I am attempting to replace a 2.9.4 based firewall with Dachstein. The
> current firewall forwards VPN traffic to a server behind itself. I have
> setup the new server with the following entries in network.conf, but I
have
> apparently missed something because I can't connect. If anyone can
12 matches
Mail list logo