Date:      Sat, 10 May 2003 09:19:45 -0500
From:      Eric Anderson <anderson@centtech.com>
To:        Michael Collette <metrol@metrol.net>
Cc:        FreeBSD Security <freebsd-security@freebsd.org>
Subject:   Re: Down the MPD road
Message-ID:  <3EBD0A81.50305@centtech.com>
References:  <200305100617.44245.metrol@metrol.net>

Michael Collette wrote:

>[..snip good stuff..]
>The probs:
>  Apparently PPTP actually puts the remote machine IN the target network.  
>Sorry, I'm still pretty green on this PPTP stuff.  Works a good bit different 
>than IPSec.  Anyhow, once the remote box is connected all the connections to 
>the rest of the Internet are now coming from behind the firewall.  That'd be 
>cool if it worked reliably.
>  While connected, when I attempt to browse around the public Internet some 
>pages just don't load, where others do.  No rhyme or reason, and nothing 
>showing up in my logging of all denied packets via ipfw.  For example, I can 
>hit CNN without a problem, then when I try news.google it never loads a page.  
>I can hit the main Yahoo page, but any of their other sites won't go.  Really 
>odd.
>
>I'm not sure if I've got an ipfw or mpd problem at this point.  I've tried a 
>dozen different ways to open up ipfw a LOT while still keeping it reasonably 
>closed.  This thing is in production and all.  If it'd help, I'll post the 
>relevant rule list here.
>
[..more snipping..]

Ok, I saw these problems too..  Remember that the vpn'd client's data is 
coming through the firewall, to the ng0 interface, and then leaving from 
there (when "surfing the net"), so you will have to have NAT set up (of 
some sort) and make sure your rules are open enough to allow the 
firewall to send packets from the ng0 interface on out and have them 
natted..  Some of your pages are probably loading from a cache, and not 
others... also, you may want to add these lines to mpd.conf:
set iface enable proxy-arp
set iface mtu 1440

I found it fixed all my odd problems that I was having with XP clients..

Eric
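As an added example (not code from either message in this thread): a sh script that loads an ipfw rule set of the shape Eric describes, with natd on the outside interface so traffic forwarded from ng0 leaves translated, the PPTP control channel and GRE admitted to the firewall, the ng0 clients allowed out, and the two mpd.conf lines from his reply emitted alongside. The outside interface name fxp0, the client pool 192.168.100.0/24 and the deny-by-default policy are assumptions, not values from the thread; run it with `show` to print the rules, or `apply` on the firewall itself.

```shell
#!/bin/sh
# Added example, not from the original thread: an ipfw/natd rule set of the
# shape Eric describes, letting PPTP clients that land on ng0 reach the
# Internet through the firewall's NAT, plus the mpd.conf iface lines he quotes.
# Assumptions (placeholders, not from the page): outside NIC fxp0, PPTP
# address pool 192.168.100.0/24, ipfw default policy deny. Set IPFW=echo to
# print the rules instead of loading them.

EXT_IF="${EXT_IF:-fxp0}"                   # assumed outside interface
VPN_IF="${VPN_IF:-ng0}"                    # netgraph interface mpd creates
VPN_NET="${VPN_NET:-192.168.100.0/24}"     # assumed PPTP client pool
IPFW="${IPFW:-ipfw}"

# mpd.conf iface settings from the thread: proxy-arp so the firewall answers
# ARP for the client pool on the LAN, and a lower MTU so the GRE/PPP
# encapsulation overhead does not push full-size frames past the path MTU.
mpd_iface_settings() {
    cat <<'EOF'
    set iface enable proxy-arp
    set iface mtu 1440
EOF
}

# rc.conf knobs that natd and forwarding need (real rc.conf variable names;
# the interface value is the placeholder above).
rc_conf_settings() {
    cat <<EOF
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="$EXT_IF"
EOF
}

load_rules() {
    $IPFW -f flush
    # NAT first. Every packet crossing the outside interface is handed to
    # natd, so traffic forwarded from ng0 leaves with the firewall's address
    # and replies are translated back before the rules below see them.
    $IPFW add 100 divert natd ip from any to any via "$EXT_IF"
    $IPFW add 200 allow ip from any to any via lo0
    # The PPTP tunnel itself: control channel on TCP 1723 plus GRE in and out.
    $IPFW add 300 allow tcp from any to me 1723 in recv "$EXT_IF"
    $IPFW add 310 allow gre from any to me in recv "$EXT_IF"
    $IPFW add 320 allow gre from me to any out xmit "$EXT_IF"
    # Client traffic arriving on ng0 may be forwarded, but only from the pool
    # addresses, so nothing else can ride the VPN interface.
    $IPFW add 400 allow ip from "$VPN_NET" to any in recv "$VPN_IF"
    $IPFW add 410 allow ip from any to "$VPN_NET" out xmit "$VPN_IF"
    # Outbound connections (local or forwarded) and their replies.
    $IPFW add 500 allow tcp from any to any established
    $IPFW add 510 allow tcp from any to any out xmit "$EXT_IF" setup
    $IPFW add 520 allow udp from any to any 53 out xmit "$EXT_IF"
    $IPFW add 530 allow udp from any 53 to any in recv "$EXT_IF"
    # ICMP unreachable / source-quench / time-exceeded: dropping type 3
    # breaks path-MTU discovery, the classic "some pages never load" symptom.
    $IPFW add 600 allow icmp from any to any icmptypes 3,4,11
    # Everything else is dropped and logged, as in the original setup.
    $IPFW add 65000 deny log ip from any to any
}

case "${1:-}" in
    apply) load_rules ;;
    show)  IPFW=echo; load_rules; mpd_iface_settings; rc_conf_settings ;;
esac
```

The divert rule sits first on purpose: ipfw evaluates forwarded packets once on input and once on output, so a client packet is accepted on ng0 by rule 400, then translated by natd on its way out fxp0 and matched by the `setup`/`established`/DNS rules with its new source address; the reply is de-natted at rule 100 and passes rule 410 when it leaves on ng0. Logging on the final deny is what shows whether it is really the rule set or, as Eric suggests, MTU and caching that make some sites load and others not.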

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3EBD0A81.50305>