From owner-freebsd-questions Tue Jul 20 10:30:25 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from dorthy.state.net (dorthy.state.net [209.234.62.254]) by hub.freebsd.org (Postfix) with ESMTP id 2D16615347 for ; Tue, 20 Jul 1999 10:30:16 -0700 (PDT) (envelope-from jon.passki@neicoltech.org)
Received: from lp020001 (209-234-63-231.state.net [209.234.63.231] (may be forged)) by dorthy.state.net (8.8.8/8.7.2) with SMTP id MAA06511 for ; Tue, 20 Jul 1999 12:26:15 -0500 (CDT)
From: "Jon Passki"
To:
Subject: RE: Natd + windows98 on ${iif} and PPTP (VPN) on ${oif}
Date: Tue, 20 Jul 1999 12:27:06 -0500
Message-ID: <000401bed2d5$17357940$c302a8c0@lp020001.neicoltech.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To: <19990716155402.2787.qmail@rm01-24-29-194-43.ce.mediaone.net>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Yeah, I'm in the same boat.

--

CLIENT = 192.168.0.2
fxp0 = 192.168.0.1
vx0 = 10.0.0.1
PPTP_Server = 10.0.0.5

I've tried this command line for natd:

natd -n fxp0 -pptpalias 10.0.0.5

and ...

natd -n fxp0

in conjunction w/ the two bottom rule sets

ipfw rule set one:

00100 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00150 allow gre from any to any
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

ipfw rule set two:

00001 allow gre from any to any
00100 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

... for 4 different possible configs. No go.

I ran tcpdump, and watched both adapters, the vx0 adapter saw no traffic under any of the combinations above.
From the dump of the fxp0 adapter, it seemed that the CLIENT would try to make a connection w/ fxp0, and then fxp0 would respond as if the service was running locally, which obviously caused the connection to fail since fxp0 didn't have a service running on port 1723.

I connected the CLIENT directly to the PPTP_Server, and after changing the IP (w/ a reboot, blah) on the CLIENT, I was able to connect to the PPTP_Server.

Any suggestions?

Jon Passki

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of
> root@rm01-24-29-194-43.ce.mediaone.net
> Sent: Friday, July 16, 1999 10:54 AM
> To: freebsd-questions@FreeBSD.ORG
> Subject: Natd + windows98 on ${iif} and PPTP (VPN) on ${oif}
>
>
> I just finished searching the archives and returned nothing. I
> currently have
> a custom simple firewall implementation with NATD. I would like to
> NAT a PPTP request to an outside server. What ports need to be
> opened in the firewall? I understand the -pptp_alias option
> needs to be set for pptp to go through, but currently am still
> missing out on the correct ipfw rules. I tried guessing, that didn't
> help much. If you happen to know the correct rules to fix this,
> let me know.
> I would like to be able to use the VPN server at work without having to
> put the windows machine directly on the internet connection :-)
> Thanks for your time and patience.
> Roy
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message