RE: debian-firewall: routing GRE for PPTP VPNs.
To route the GRE traffic you need the ipfwd program. If you like I can send
you an ipfwd Debian package. You have to patch the kernel too; at least I had
to do it for 2.2.16.
I am using the following commands in my firewall script to enable PPTP
traffic to an internal Windows PPTP server:

    ipchains -A forward -p tcp -s $host_pptp -d $any 1723 -j MASQ
    ipchains -A forward -p 47 -s $host_pptp -d $any -j MASQ
    ipmasqadm portfw -a -P tcp -L $ip_dmz 1723 -R $host_pptp 1723
    nohup ipfwd --masq $host_pptp 47 > /dev/null &

Here $host_pptp is the internal PPTP server, $any is 0/0 and $ip_dmz is the
IP address of the external interface of my router.
> -----Original Message-----
> From: Brendan J Simon [mailto:email@example.com]
> Sent: Tuesday, October 17, 2000 5:46 AM
> To: debian-firewall
> Subject: debian-firewall: routing GRE for PPTP VPNs.
> I'm trying to set up our firewall so that a remote user can access our
> network via a Win2000 server (using PPTP). I have ipmasq installed on
> the debian firewall. I can route the pptp packets through with the
> following command.
> $ ipmasqadm portfw -a -P tcp -L my.firewall.ip.address 1723 -R my.win2000.ip.address 1723
> How do I route the GRE protocol to the Win2000 machine?
> Do I use portfw, autofw or mfw?
> The VPN-Masquerade HOWTO says that the 2.2 kernels need to be patched to
> allow GRE and ESP protocols to be forwarded. Is the debian 2.2.17
> kernel already patched for this or do I have to do it manually ??
> Thanks for any help. Please CC any replies to me as well as the list.
> Brendan Simon.
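Why the thread needs two mechanisms (a port forward for TCP 1723 and a separate forwarder for IP protocol 47), shown as an added example that is not part of the original messages: PPTP's data channel is enhanced GRE, which carries no port numbers, only a Call ID. The function names, addresses and sample packets below are constructed for illustration; the header layout follows RFC 2637.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723      # TCP control channel (the portfw rule)
GRE_PROTO_PPP = 0x880B        # protocol type of PPTP's enhanced GRE (RFC 2637)

def classify_pptp_packet(raw: bytes) -> dict:
    """Classify one raw IPv4 packet as PPTP control, PPTP data or other."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = raw[9], raw[ihl:]
    if proto == IPPROTO_TCP:
        if len(body) < 4:
            raise ValueError("truncated TCP header")
        sport, dport = struct.unpack("!HH", body[:4])
        kind = "pptp-control" if PPTP_CONTROL_PORT in (sport, dport) else "other"
        return {"kind": kind, "sport": sport, "dport": dport}
    if proto == IPPROTO_GRE:
        if len(body) < 8:
            raise ValueError("truncated GRE header")
        flags, ptype, plen, call_id = struct.unpack("!HHHH", body[:8])
        # Enhanced GRE: K bit set, version 1, protocol type 0x880B.
        if not (flags & 0x2000) or (flags & 0x0007) != 1 or ptype != GRE_PROTO_PPP:
            return {"kind": "other-gre"}
        # No ports here: the only per-session demultiplexer is the Call ID.
        return {"kind": "pptp-data", "call_id": call_id, "payload_len": plen,
                "has_seq": bool(flags & 0x1000), "has_ack": bool(flags & 0x0080)}
    return {"kind": "other"}

def _ipv4(proto: int, body: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0; it is not checked)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])  # doc ranges
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, src, dst) + body

# Constructed samples: a TCP segment to port 1723 and an enhanced GRE packet
# (flags 0x3001 = K + S + version 1, Call ID 0x0042, sequence number 1).
SAMPLE_CONTROL = _ipv4(IPPROTO_TCP, struct.pack("!HH", 40000, 1723) + bytes(16))
SAMPLE_DATA = _ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP,
                                             4, 0x0042, 1) + b"\xff\x03\xc0\x21")

if __name__ == "__main__":
    for pkt in (SAMPLE_CONTROL, SAMPLE_DATA):
        print(classify_pptp_packet(pkt))
```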