From owner-freebsd-questions Thu Mar 12 18:18:33 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA25571 for freebsd-questions-outgoing; Thu, 12 Mar 1998 18:18:33 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from shuttle.netronix.com (shuttle.netronix.com [205.149.170.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA25302 for ; Thu, 12 Mar 1998 18:17:44 -0800 (PST) (envelope-from jeff@netronix.com)
Received: from ds9.netronix.com (ds9.netronix.com [205.149.190.36]) by shuttle.netronix.com (8.8.7/8.6.5) with SMTP id SAA16863 for ; Thu, 12 Mar 1998 18:18:51 -0800 (PST)
Message-Id: <199803130218.SAA16863@shuttle.netronix.com>
From: "Jeff Buseman"
To: freebsd-questions@FreeBSD.ORG
Date: Thu, 12 Mar 1998 18:18:50 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Natd Support for Microsoft PPTP / VPN using protocol 47
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I am trying to get an MS VPN set up using the MS PPTP through a FreeBSD machine set up as a firewall. It has all the hardware and software loaded / configured to use NATd, ipfw, and routing to provide Internet access from the internal 10.* network to the ISP. The MS Server and Client machines are also loaded / configured.

My problem is that as I watch the NATd translations (-v), I see that the TCP traffic (port 1723, per MS Knowledge Base Article q166288) is translated properly, but the non-TCP protocol traffic (protocol 47) is not, even though the source and destination addresses are displayed properly.

My NATd command is:

    natd -l -v -i vx0 -redirect_address 10.1.1.30 204.xxx.xxx.91

I see the following typical messages (from memory, so this may be a little syntactically messed up):

    in [tcp] 204.xxx.xxx.96:1030 -> 204.xxx.xxx.91:1723 aliased to 204.xxx.xxx.96:1030 -> 10.1.1.1:1723
    in [?] 204.xxx.xxx.96 -> 204.xxx.xxx.91 aliased to 204.xxx.xxx.96 -> 204.xxx.xxx.91

Anyway, the point is that the unidentified protocol (47) is not being translated by NATd. (I checked the packets with a LAN sniffer and they are protocol 47.)

Finally, my question(s) is this: Is there some way to make NATd do the translation on this protocol, or does it only handle TCP and UDP traffic? If so, is there some other way to get the MS PPTP in through the firewall to an unregistered network, or has someone hacked the NATd code to support MS PPTP? Or, how is everyone else providing MS VPN through their firewall?

Jeff Buseman
jeff@netronix.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
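The diagnosis in the post comes from reading `natd -v` output by eye and noticing that the `[?]` line has the same address pair before and after "aliased to". The following script, added here as an illustration and not part of the original post or of natd itself, automates that check: it parses the two log line shapes the post quotes (an `address:port` pair for TCP, a bare `address` pair for a protocol natd does not name), flags every entry whose aliased pair is identical to the original, and notes when the untranslated entry belongs to a protocol with no port numbers, which is the situation with GRE (IP protocol 47). The sample log is constructed from the post's own two lines; the line format is assumed to be exactly what the post shows, and the class and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `natd -v` output, modelled on the two lines quoted in
# the post; the 204.xxx.xxx.* addresses are the post's own placeholders.
SAMPLE_NATD_LOG = """\
in [tcp] 204.xxx.xxx.96:1030 -> 204.xxx.xxx.91:1723 aliased to 204.xxx.xxx.96:1030 -> 10.1.1.1:1723
in [?] 204.xxx.xxx.96 -> 204.xxx.xxx.91 aliased to 204.xxx.xxx.96 -> 204.xxx.xxx.91
"""

# An endpoint is "address" or "address:port"; natd omits the port (and prints
# the protocol as [?]) for protocols it does not recognise.  Format assumed
# from the post's quoted lines.
_ENDPOINT = r"([^\s:]+)(?::(\d+))?"
_LINE_RE = re.compile(
    r"^(?P<dir>in|out) \[(?P<proto>[^\]]+)\] "
    + _ENDPOINT + r" -> " + _ENDPOINT
    + r" aliased to "
    + _ENDPOINT + r" -> " + _ENDPOINT + r"$"
)

# Protocols that carry port numbers and are therefore aliased by address:port pair.
PORT_BASED = {"tcp", "udp"}


@dataclass(frozen=True)
class Translation:
    direction: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    alias_src: str
    alias_sport: Optional[int]
    alias_dst: str
    alias_dport: Optional[int]

    @property
    def translated(self) -> bool:
        """True when natd changed anything between the original and aliased pairs."""
        original = (self.src, self.sport, self.dst, self.dport)
        aliased = (self.alias_src, self.alias_sport, self.alias_dst, self.alias_dport)
        return original != aliased


def _port(text: Optional[str]) -> Optional[int]:
    return int(text) if text is not None else None


def parse_line(line: str) -> Optional[Translation]:
    """Parse one natd -v line; returns None for lines that are not translations."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    # Numbered groups 3..10 are the four endpoints (address, port) in order.
    return Translation(
        direction=m.group("dir"), proto=m.group("proto"),
        src=m.group(3), sport=_port(m.group(4)),
        dst=m.group(5), dport=_port(m.group(6)),
        alias_src=m.group(7), alias_sport=_port(m.group(8)),
        alias_dst=m.group(9), alias_dport=_port(m.group(10)),
    )


def parse_log(text: str) -> List[Translation]:
    """All translation lines in a chunk of natd -v output, in order."""
    return [t for t in (parse_line(l) for l in text.splitlines()) if t is not None]


def untranslated(text: str) -> List[Translation]:
    """Entries that natd logged but left unchanged (aliased pair == original pair)."""
    return [t for t in parse_log(text) if not t.translated]


def explain(t: Translation) -> str:
    """One-line diagnosis of a single entry."""
    if t.translated:
        return (f"{t.proto}: {t.src} -> {t.dst} rewritten to "
                f"{t.alias_src} -> {t.alias_dst}")
    if t.proto not in PORT_BASED:
        return (f"{t.proto}: {t.src} -> {t.dst} passed through unchanged; "
                "the protocol carries no port numbers, so port-based aliasing "
                "has nothing to rewrite")
    return f"{t.proto}: {t.src}:{t.sport} -> {t.dst}:{t.dport} passed through unchanged"


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_NATD_LOG):
        print(explain(entry))
```

Running the script over the sample prints one "rewritten" line for the TCP 1723 control connection and one "passed through unchanged" line for the `[?]` entry, which is exactly the pattern the post describes: the port-based aliasing engine has a destination port to key on for TCP, but nothing comparable in the GRE header, so the address pair comes out as it went in. Pointing `parse_log` at a real `natd -v` capture gives the same per-flow verdict without reading the log by hand.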