Date: Fri, 3 Aug 2001 17:06:56 -0500
From: "Daniel J. Charboneau" <dcharb@xceligent.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Can anyone help, PPTP, IPFW, NATD, in a stateful setup.
Message-ID: <E0CAE55EFDF85641A4C56673337C4D98084AF5@XPMAIL01.xceligent.org>

I am running FreeBSD 4.3, using IPFW and natd. Currently I have been able to set up a Microsoft server behind the firewall and connect with terminal services, etc. However, when I try to lock down the firewall to only pass PPTP and GRE to the NT Server, it connects to the point where it is verifying username and password. However, it just locks up there and dies.

Has anyone gotten Microsoft VPN to go through a stateful IPFW firewall? I would greatly appreciate any help anyone can offer. Below are my config files.

(rc.conf)

gateway_enable="YES"
defaultrouter="65.x.x.94"
ifconfig_xl0="inet 65.x.x.91 netmask 255.255.255.x"
ifconfig_xl0_alias0="inet 65.x.x.92 netmask 255.255.255.x"
ifconfig_xl1="inet 192.x.x.x/24"
inetd_enable="NO"
kern_securelevel="2"
kern_securelevel_enable="YES"
moused_enable="YES"
moused_flags="-3"
moused_port="/dev/cuaa0"
nfs_server_enable="NO"
portmap_enable="NO"
saver="fire"
sendmail_enable="NO"
usbd_enable="YES"
sshd_enable="YES"
hostname="xpfire.x.x"
syslogd_flags="-ss"
sshd_flags="-4"
ipfw_enable="YES"
ipmon_enable="YES"
ipmon_flags="Dsvn"
natd_enable="NO"
/sbin/natd -f /etc/natd.rules

(rc.fwrules)

fwcmd="ipfw"

# set these to your outside interface network and netmask and ip
oif="xl0"
onet="65.x.x.88"
onwr="65.x.x.88/x"
omask="255.255.255.248"
oip="65.x.x.91"

# set these to your inside interface network and netmask and ip
iif="xl1"
inet="192.x.x.x"
inwr="192.x.x.x/24"
imask="255.255.255.0"
iip="192.x.x.x"

$fwcmd -f flush
$fwcmd add allow all from any to any via lo0
$fwcmd add deny log all from any to 127.0.0.0/8
$fwcmd add allow ip from $inwr to $inwr
$fwcmd add divert natd all from any to any via $oif
$fwcmd add check-state
$fwcmd add allow gre from any to any
$fwcmd add allow ip from 65.x.x.93 to any keep-state out xmit xl0
$fwcmd add allow ip from any to 65.x.x.93 keep-state in recv xl0
$fwcmd add allow tcp from any to 192.x.x.x 1723 keep-state via xl0
$fwcmd add allow ip from $oip to any keep-state out via $oif
$fwcmd add allow ip from $inwr to any keep-state via $iif

(natd.rules)

alias_address 65.x.x.91
port 8668
dynamic yes
same_ports
use_sockets
redirect_address 192.x.x.x 65.x.x.93

Sincerely,
Daniel Charboneau
Systems Administrator
Xceligent

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message