
RE: VPN to a host behind the firewall



 
> Info & kernel patches for allowing pptp and ipsec through ip-masquerade
> can be found here:
> 	http://www.wolfenet.com/~jhardin

I've looked there, I've looked at the "VPN masquerade HOWTO" and on numerous web pages, and I'm getting more and more frustrated...

First of all, port-forwarding doesn't work. I'm using Linux 2.2.13 taken directly from kernel.org and the international patch taken from kerneli.org. The network options are listed at the bottom of this message.

ipportfw complains:

  # ipportfw -L
  Could not open /proc/net/ip_portfw
  Are you sure you have Port Forwarding installed?        

and ipmasqadm is not installed (and I can't find it anywhere. Some pages claim that it's at juanjox.linuxhq.com, but a search there only comes up with more pages claiming that it's there - somewhere). I have a local Debian mirror and searched the potato tree for any file named ipmasq*, but all I found was the ipmasq package, which I don't want to install as it messes up my own hand-coded firewall configuration.

I tried ipfwd and redir, and actually got so far that the NT machine printed some error events about "LOOPBACK DETECTED" in the event log when I tried to connect to the NT VPN server from a Win98 machine through the firewall (using the firewall's IP number).

I really don't know where to begin, as most documentation on this seems to be outdated or misleading, and I don't have the time to make this a major project.

Any help is appreciated.

Jarle

- 
Jarle Aase
Author of freeware.


For support/suggestions: alt.comp.jgaa (newsgroup)
For information: info@mail.jgaa.com(email, auto-responder)
Private Email: jgaa@mail.jgaa.com
WWW: http://www.jgaa.com/
<no need to argue - just kill'em all!> 


From ~/src/linux/.config
# Networking options
#
CONFIG_CIPE=y
CONFIG_CIPE_VERSION=3
# CONFIG_CIPE_IDEA is not set
CONFIG_CIPE_BLOWFISH=y
CONFIG_PACKET=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_FIREWALL=y
CONFIG_NET_SECURITY=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_ROUTE_LARGE_TABLES=y
CONFIG_IP_ROUTE_NAT=y
# CONFIG_IP_PNP is not set
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y

#
# Protocol-specific masquerading support will be built as modules.
#
CONFIG_IP_MASQUERADE_ICMP=y

#
# Protocol-specific masquerading support will be built as modules.
#
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=m
CONFIG_IP_MASQUERADE_IPPORTFW=m
CONFIG_IP_MASQUERADE_MFW=m
# CONFIG_IP_ROUTER is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
CONFIG_IP_ALIAS=y
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y

#
# (it is safe to leave these untouched)
#
# CONFIG_INET_RARP is not set
CONFIG_SKB_LARGE=y
# CONFIG_IPV6 is not set

#
#  
#
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
CONFIG_BRIDGE=y
# CONFIG_LLC is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_FASTROUTE is not set
# CONFIG_NET_HW_FLOWCONTROL is not set
# CONFIG_CPU_IS_SLOW is not set

#
# QoS and/or fair queueing
#
# CONFIG_NET_SCHED is not set

