Hi Jason,

If I remember correctly, when we set this up, we had to set the gre rule without any ports (just put a dash in the port box). If this does not work, a look at /var/log/messages should give you a good idea if the firewall is stopping your packets and why.

HTH

Best regards,
Patrick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Ellison
Sent: Friday, August 13, 2004 7:33 AM
To: [EMAIL PROTECTED]
Subject: [Security Firewall] Problems with PPTP

I am trying to set up a single adapter PPTP VPN server behind my MNF. From what I understand about PPTP, I need to open TCP port 1723 and also allow Proto 47, GRE, in order for the vpn to operate correctly.

My problem is that every time I attempt to create a rule to allow gre traffic, the firewall sets all the default policies to DROP and doesn't add any rules. I set up a test firewall with a fresh install of MNF and I still have the same problem.

The rules table looks like this:

     Result       Client Zone     Server Zone  Protocol  Port(s)  Forward
 1   ACCEPT       fw              wan          tcp+udp   53
 2   ACCEPT       dmz             wan          udp       53
 3   ACCEPT       lan             wan          udp       53
 4   REJECT       wan             fw           tcp       113
 5   ACCEPT       lan             fw           tcp       22
 6   ACCEPT       lan             fw           tcp       8443
 7   ACCEPT       fw              lan          icmp      8
 8   ACCEPT       lan             fw           icmp      8
 9   ACCEPT       lan             dmz          icmp      8
10   ACCEPT       dmz             lan          icmp      8
11   ACCEPT       dmz             fw           icmp      8
12   ACCEPT       fw              dmz          icmp      8
13   ACCEPT       lan             fw           udp       53
14   ACCEPT       wan:10.1.1.99   lan          tcp       0:65535
15   ACCEPT:info  wan             lan          gre       0:65535

The last rule is the one that gives it problems. The default policies are to DROP or REJECT everything except outgoing packets.

If anyone has successfully set up a PPTP firewall behind a MNF, please let me know.

Jason Ellison
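
The /var/log/messages check suggested in the reply, as an added example that is not part of the original thread: it scans syslog text for logged PPTP traffic, both the TCP 1723 control channel and GRE, which the kernel's netfilter LOG output reports as PROTO=47. It assumes the firewall logs blocked packets in that standard key=value format; the sample lines, the "FW:" log prefix, interface names and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel netfilter LOG format (key=value fields).
# The "FW:..." prefixes, interfaces and addresses are made up for illustration.
SAMPLE_LOG = """\
Aug 13 07:10:01 mnf kernel: FW:wan2lan:DROP:IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=10.1.1.99 LEN=60 TOS=0x00 PREC=0x00 TTL=117 ID=4242 DF PROTO=TCP SPT=1045 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 13 07:10:03 mnf kernel: FW:wan2lan:DROP:IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=10.1.1.99 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=4243 PROTO=47
Aug 13 07:10:04 mnf kernel: FW:wan2lan:DROP:IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=10.1.1.99 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=4244 PROTO=47
Aug 13 07:10:05 mnf sshd[812]: Accepted password for admin from 10.1.1.5 port 3021
Aug 13 07:10:09 mnf kernel: FW:wan2fw:REJECT:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=99 PROTO=TCP SPT=2200 DPT=113 WINDOW=8192 RES=0x00 SYN URGP=0
"""

# Matches KEY=value tokens such as SRC=..., DPT=..., PROTO=...
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def classify(line):
    """Return 'pptp-control', 'gre' or None for one syslog line."""
    if "kernel:" not in line or "PROTO=" not in line:
        return None
    f = dict(FIELD.findall(line))
    if f.get("PROTO") == "47":  # GRE has no named protocol in LOG output
        return "gre"
    if f.get("PROTO") == "TCP" and "1723" in (f.get("DPT"), f.get("SPT")):
        return "pptp-control"
    return None

def pptp_blocks(text):
    """Count logged PPTP-related packets per (kind, source, destination)."""
    hits = Counter()
    for line in text.splitlines():
        kind = classify(line)
        if kind:
            f = dict(FIELD.findall(line))
            hits[(kind, f.get("SRC"), f.get("DST"))] += 1
    return hits

if __name__ == "__main__":
    for (kind, src, dst), n in sorted(pptp_blocks(SAMPLE_LOG).items()):
        print(f"{n:3d}  {kind:12s} {src} -> {dst}")
```

Logged GRE entries alongside an accepted TCP 1723 connection indicate that only the control channel is getting through, which is the state the thread describes when the gre rule fails to load.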
