Date:      Tue, 20 Jul 1999 12:27:06 -0500
From:      "Jon Passki" <jon.passki@neicoltech.org>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Natd + windows98 on ${iif} and PPTP (VPN) on ${oif}
Message-ID:  <000401bed2d5$17357940$c302a8c0@lp020001.neicoltech.org>
In-Reply-To: <19990716155402.2787.qmail@rm01-24-29-194-43.ce.mediaone.net>


Yeah, I'm in the same boat.

<CLIENT>-<fxp0 | natd/ipfw on fbsd 3.2 -s | vx0>-<PPTP_Server>

CLIENT = 192.168.0.2
fxp0 = 192.168.0.1
vx0 = 10.0.0.1
PPTP_Server = 10.0.0.5

I've tried this command line for natd:
natd -n fxp0 -pptpalias 10.0.0.5

and ...

natd -n fxp0

in conjunction w/ the two bottom rule sets

ipfw rule set one:
00100 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00150 allow gre from any to any
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

ipfw rule set two:
00001 allow gre from any to any
00100 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

... for 4 different possible configs.

No go.  I ran tcpdump and watched both adapters; the vx0 adapter saw no
traffic under any of the combinations above.  From the dump of the fxp0
adapter, it seemed that the CLIENT would try to make a connection w/ fxp0,
and then fxp0 would respond as if the service was running locally, which
obviously caused the connection to fail since fxp0 didn't have a service
running on port 1723.  I connected the CLIENT directly to the PPTP_Server,
and after changing the IP (w/ a reboot, blah) on the CLIENT, I was able to
connect to the PPTP_Server.

Any suggestions?

Jon Passki


> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of
> root@rm01-24-29-194-43.ce.mediaone.net
> Sent: Friday, July 16, 1999 10:54 AM
> To: freebsd-questions@FreeBSD.ORG
> Subject: Natd + windows98 on ${iif} and PPTP (VPN) on ${oif}
>
>
> I just finished searching the archives and returned nothing.  I currently
> have a custom simple firewall implementation with NATD.  I would like to
> NAT a PPTP request to an outside server.  What ports need to be
> opened in the firewall?  I understand the -pptp_alias option
> needs to be set for pptp to go through, but currently am still
> missing out on the correct ipfw rules.  I tried guessing, that didn't
> help much.  If you happen to know the correct rules to fix this,
> let me know.
> I would like to be able to use the VPN server at work without having to
> put the windows machine directly on the internet connection :-)
> Thanks for your time and patience.
> Roy
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
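
As an added illustration (not part of the original message or the FreeBSD project), this Python sketch applies ipfw's first-match evaluation to the two rule sets listed in the reply, using constructed packets built from the addresses given there. It is a simplified model: it reports only the first rule a packet matches and does not simulate what natd does with a diverted packet.

```python
import ipaddress

# Rule sets as listed in the message above.
RULESET_ONE = """\
00100 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00150 allow gre from any to any
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any"""
RULESET_TWO = """\
00001 allow gre from any to any
00100 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any"""

# Constructed packets (proto, src, dst, interface) using the message's addresses.
PACKETS = [
    ("tcp", "192.168.0.2", "10.0.0.5", "fxp0"), ("tcp", "192.168.0.2", "10.0.0.5", "vx0"),
    ("gre", "192.168.0.2", "10.0.0.5", "fxp0"), ("gre", "10.0.0.5", "10.0.0.1", "vx0"),
]

def parse(text):
    rules = []
    for tok in map(str.split, text.splitlines()):
        i = 3 if tok[1] == "divert" else 2  # divert carries a port argument
        via = tok[i + 6] if len(tok) > i + 5 else None
        rules.append((tok[0], tok[1], tok[i], tok[i + 2], tok[i + 4], via))
    return rules

def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(rules, proto, src, dst, iface):
    # Simplified model: first matching rule only; natd re-injection is not simulated.
    for num, action, rproto, rsrc, rdst, via in rules:
        if rproto in ("ip", proto) and via in (None, iface) \
                and addr_match(rsrc, src) and addr_match(rdst, dst):
            return num, action  # 'ip' matches every protocol
    return None

def trace(text):
    return [first_match(parse(text), *pkt) for pkt in PACKETS]

if __name__ == "__main__":
    for name, text in (("one", RULESET_ONE), ("two", RULESET_TWO)):
        print(name, list(zip(PACKETS, trace(text))))
```

In both rule sets only traffic crossing fxp0 reaches the divert rule, so nothing passing through vx0 is handed to natd. In rule set two, GRE is accepted at rule 00001 before the divert rule is ever evaluated.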


