Chris Willis wrote:
I have set up a FreeBSD box running PF for a client. It is the
'firewall' for their internal LAN.
I cannot make an outbound VPN connection from their LAN to any other
Microsoft PPTP VPN server.
The VPN connections work fine from any machine that plugs in to the
hub in
Chris Willis [EMAIL PROTECTED] writes:
What changes need to be made to the ruleset to allow outbound PPTP
connections? Here is the existing NAT rule I thought might work based on
browsing the Archives:
googlemancy on PF NAT PPTP seems to indicate that some sort of proxying
(see eg
Peter N. M. Hansteen wrote:
Chris Willis [EMAIL PROTECTED] writes:
What changes need to be made to the ruleset to allow outbound PPTP
connections? Here is the existing NAT rule I thought might work
based on browsing the Archives:
googlemancy on PF NAT PPTP seems to indicate that some
Ok, this is not a PPTP connection from the internet TO a box on the
internal LAN.
This is a problem with making a PPTP connection from the internal LAN
to any PPTP server out on the internet.
Thus, TCP 1723 and GRE are not the issue. I am passing ALL from the
internal LAN to the internet.
I
Post your rule set.
Chris Willis wrote:
Ok, this is not a PPTP connection from the internet TO a box on the
internal LAN.
This is a problem with making a PPTP connection from the internal LAN
to any PPTP server out on the internet.
Thus, TCP 1723 and GRE are not the issue. I am passing
Convert all your block rules to use log, sniff on pflog0, with -e and -s 2048
That should tell you what rule is blocking the first few.
My hunch is that some kind of state is getting set up by the ICMP echo
replies, and thus future requests are being passed.
In any case, the no route to host