I finally managed to find the problem and fix it! \o/
I had an alias called "pptp" pointing to port 1723.
Ironically this effectively disabled any incoming PPTP traffic.
Reason: somewhere in the firewall, while building up the rules, this alias makes it into the rulebase as an interface, and thus you end up with a pointless rule like this:

pass in quick on 1723 all keep state label "USER_RULE: Permit everything via PPTP"

When I changed the alias to pptp_signal, the rule build-up script started to create the right rules:

pass in quick on ng1 all keep state label "USER_RULE: Permit everything via PPTP"
pass in quick on ng2 all keep state label "USER_RULE: Permit everything via PPTP"
[...]

So since this is not exactly intuitive and cost me a few grey hairs ;) either pptp should be made a reserved word so that it can't be used as an alias, or some script needs to be patched so that an alias won't be substituted for an interface.

Cheers, Thorsten

Thorsten Kunz wrote:
Hi all,

I already posted this question to the Forum but without any luck. Maybe somebody on this list has an idea of what the problem could be.

I have set up our PFS cluster to terminate PPTP connections. The server itself seems to work nicely. I can connect with the (Windows) client, username/password are being checked and the defined IP address is being assigned to the client. So the client and the PFS both tell me that the connection was established successfully. So far so good. But now the problems start: no matter what firewall rules I add to the PPTP tab, it blocks all traffic coming in via PPTP. I tried "permit everything" rules as well as specific rules for e.g. ssh. Not working at all, no matter how I try it. The firewall log always shows me blocked traffic like this:

Jul 17 05:11:00 NG1 10.20.30.32:50517 208.75.8.32:22 TCP

and the triggered rule would be:

@164 block drop in log quick all label "Default block all just to be sure."

Here is the setup:

PPTP Client <-> INet <-> PFS <-> Server

The Server has an official IP address so there is no NAT going on. PFS version is 1.2-beta2. Everything else the firewall is supposed to do works very well.

I am out of ideas now and could really use some help. Any thoughts?

TIA, Thorsten

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
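The thread above describes a rule that was generated "on 1723", an interface that does not exist, because an alias name was substituted where an interface name belonged. The following shell script is an added example, not code from the thread or from pfSense, that makes that symptom visible: it scans a pf ruleset for "on <name>" tokens whose name is not in the system's interface list. It assumes (these are assumptions, not facts from the page) that the generated ruleset is readable as text, as /tmp/rules.debug is on pfSense, and that `ifconfig -l` gives the interface names; the ruleset and interface list below are constructed so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the original thread): report pf rules whose
# "on <ifname>" token is not a known interface, e.g. "pass in quick on 1723 ..."
# produced when an alias was substituted for an interface.

# find_bogus_ifaces RULES IFACES
#   RULES  = ruleset text (one rule per line)
#   IFACES = space-separated list of real interface names
# Prints "<line>: <name>" for every rule bound to an unknown interface.
find_bogus_ifaces() {
    rules=$1
    ifaces=$2
    printf '%s\n' "$rules" |
    awk -v ifl="$ifaces" '
        BEGIN { n = split(ifl, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1 }
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        {
            gsub(/"[^"]*"/, "")        # drop quoted labels so an "on" inside them is ignored
            for (i = 1; i < NF; i++) {
                if ($i != "on") continue
                ifn = $(i + 1)
                # $macro, { list } and "! iface" forms need a real parser; skip them here
                if (ifn ~ /^[${!]/) continue
                if (!(ifn in known)) print NR ": " ifn
            }
        }'
}

# Constructed sample input, modelled on the rules quoted in the thread.
SAMPLE_RULES='# constructed sample ruleset
pass in quick on 1723 all keep state label "USER_RULE: Permit everything via PPTP"
pass in quick on ng1 all keep state label "USER_RULE: Permit everything via PPTP"
block drop in log quick all label "Default block all just to be sure."
'
# Constructed interface list, as `ifconfig -l` might print it (assumption).
SAMPLE_IFACES="em0 em1 ng1 ng2 lo0"

# Runs the check on the constructed sample; the "on 1723" rule on line 2 is flagged.
check_sample() {
    find_bogus_ifaces "$SAMPLE_RULES" "$SAMPLE_IFACES"
}

check_sample
```

On a live pfSense box the same function would be called as `find_bogus_ifaces "$(cat /tmp/rules.debug)" "$(ifconfig -l)"`, under the path and command assumptions stated above. Macro, list and negated interface specifications are deliberately skipped rather than parsed, so a clean run means no plain interface token is bogus, not that the whole ruleset has been validated.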
