From: Murray Taylor
Organization: Bytecraft Systems
To: freebsd-questions@freebsd.org, Calvin Lane
Date: Thu, 5 May 2005 09:54:59 +1000
Subject: Re: Allowing GRE in IPFILTER

On Thu, 5 May 2005 02:59, Calvin Lane wrote:
> Hello everyone,
>
> I've recently installed and configured mpd. I've been able to establish VPN
> connections with no problem internally on my network. When I attempt to
> establish a connection through my firewall, I get a number of error
> messages. The problem is that I'm not allowing GRE to get through on my
> firewall. Here is currently what I have:
>
> pass in quick on xl0 proto gre from any to 192.168.10.253/24
> pass out quick on xl0 proto gre from 192.168.10.253/24 to any
>
> Please let me know what the correct syntax is for allowing gre traffic
> through an ipfilter firewall running BSD 4.10. Thanks.
>
> Calvin
>
> calvin.lane@gmail.com
>

This works for my win2k laptop to access work through my FreeBSD 4.9 / ipf firewall.

You need the TCP port 1723 for initial establishment.

(The variables are from the shell script I use to reset things when my ISP changes my ip number)

----------8<-----------------
oif="rl0"                  # internet side interface
myip="xxx.xxx.xxx.xxx"     # internet IP number from ISP DHCP
ks="keep state"
fks="flags S keep state"
----------8<-----------------
#
# pptp and gre for Work VPN outbound
#
pass out quick on $oif proto tcp from any to any port = 1723 $fks
pass out quick on $oif proto gre from any to any
----------8<-----------------
#
# GRE vpn stuff (inbound from work)
#
pass in quick on $oif proto gre from yyy.yyy.yyy.yyy to any

--
Murray Taylor
Special Projects Engineer
Bytecraft Systems & Entertainment
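
The rule fragment from the reply above with its shell variables expanded, as an added example that is not part of the original message. The function names (render_pptp_rules, valid_ipv4, valid_ifname) are hypothetical, 192.0.2.10 is a documentation placeholder for the peer the message elides as yyy.yyy.yyy.yyy, and both inputs are validated so a malformed value cannot add extra text to the generated ruleset.

```sh
#!/bin/sh
# Added example: renders the PPTP pass rules from the message with the shell
# variables expanded. The peer address used at the bottom is constructed.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a plain interface name such as rl0 or xl0.
valid_ifname() {
    case "$1" in
        ""|*[!a-z0-9]*) return 1 ;;
    esac
}

# Prints the three pass rules for interface $1 and VPN peer $2.
# Nothing is printed when either value fails validation.
render_pptp_rules() {
    oif=$1 peer=$2
    valid_ifname "$oif" || { echo "bad interface: $oif" >&2; return 1; }
    valid_ipv4 "$peer"  || { echo "bad peer address: $peer" >&2; return 1; }
    fks="flags S keep state"
    cat <<EOF
# pptp and gre for Work VPN outbound
pass out quick on $oif proto tcp from any to any port = 1723 $fks
pass out quick on $oif proto gre from any to any
# GRE vpn stuff (inbound from work)
pass in quick on $oif proto gre from $peer to any
EOF
}

# Constructed sample values: rl0 as in the message, placeholder peer address.
render_pptp_rules rl0 192.0.2.10
```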