From owner-freebsd-ipfw  Mon Jul  5  2:29:34 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mail.swlct.sthames.nhs.uk (hide14.nhs.uk [194.6.81.14])
	by hub.freebsd.org (Postfix) with ESMTP
	id 17A6F151E2; Mon,  5 Jul 1999 02:29:27 -0700 (PDT)
	(envelope-from greg@swlct.sthames.nhs.uk)
Received: from greg (gquinlan [194.81.0.56])
	by mail.swlct.sthames.nhs.uk (8.9.3/8.9.3) with SMTP id KAA88983;
	Mon, 5 Jul 1999 10:26:30 +0100 (BST)
Message-ID: <004f01bec6c8$cfbecf20$380051c2@qmpgmc.ac.uk>
Reply-To: "Greg Quinlan" <greg@swlct.sthames.nhs.uk>
From: "Greg Quinlan" <greg@swlct.sthames.nhs.uk>
To: "Ron Rosson" <insane@lunatic.oneinsane.net>
Cc: <freebsd-ipfw@freebsd.org>, <freebsd-stable@freebsd.org>
References: <19990701164347.B22149@lunatic.oneinsane.net> <000901bec4d8$1f12fa30$0400a8c0@bahianet.com.br> <19990702160558.A66717@lunatic.oneinsane.net>
Subject: Re: NATD/VPN using -pptpalias
Date: Mon, 5 Jul 1999 10:28:58 +0100
Organization: Queen Mary's Hospital (SWLCT)
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Ron,

----- Original Message -----
From: Ron 'The InSaNe One' Rosson <insane@lunatic.oneinsane.net>

> Still no solution that works. I am still seeing if anyone else has any
ideas.
> I have not given up. I am lucky to have an understandable client.
>

I thought you may have already sorted a simple problem like this. :)

> > > I am tring to get a FreeBSD 3.2-STABLE as of Last week to pass a VPN
> > connection
> > > from a client behind the NATD box to a Server out on the internet. At
this
> > time
> > > I am getting erro, timeout exceeded while waiting for reply.
> > >
> > > excerpt from rc.conf
> > > natd_enable="YES"
> > > natd_interface="ed0"
> > > natd_flags="-pptpalias 192.168.2.7"
> > >
> > > excerpt  from rc.firewall
> > > if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
> > > $fwcmd add divert natd all from any to any via ${natd_interface}

In the firewall rules you are using the "natd" port (ie. /etc/serviices ..
port 8668)
I assume that you have set up "ptpalias" in the same file.
like:
natd          8668   # Original entry.in /etc/services
ptpalias    8669

Just change the firewall command to:

$fwcmd add divert ptpalias all from any to any via ${natd_interface}

What is the "192.168.2.7" in natd_flags for?

I hope it wasn't meant to be "-a 192.168.2.7"
(192.168.x.x will not route over the internet)

:)

Greg






To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message