[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: debian-firewall: routing GRE for PPTP VPNs.

To route the GRE traffic you need the ipfwd program. If you like I can send
you a ipfwd debian package. You have to patch the kernel too, at least I had
to do it for 2.2.16.

I am using the the following commands in my firewall script to enable PPTP
traffic to an internal Windows PPTP server:

ipchains -A forward -p tcp -s $host_pptp -d $any 1723 -j MASQ
ipchains -A forward -p 47 -s $host_pptp -d $any -j MASQ
ipmasqadm portfw -a -P tcp -L $ip_dmz 1723 -R $host_pptp 1723
nohup ipfwd --masq $host_pptp 47 > /dev/null &

Here $host_pptp ist the internal pptp server, $any is 0/0 and $ip_dmz is the
ip address of the external interface of my router.


> -----Original Message-----
> From: Brendan J Simon [mailto:brendan.simon@ctam.com.au]
> Sent: Tuesday, October 17, 2000 5:46 AM
> To: debian-firewall
> Subject: debian-firewall: routing GRE for PPTP VPNs.
> I'm trying to setup our firewall so that a remote user can access our
> network via a Win2000 server (using PPTP).  I have ipmasq installed on
> the debian firewall.  I can route the pptp packets through with the
> following command.
> $ ipmasqadm portfw -a -P tcp -L my.firewall.ip.address 1723 -R
> my.win2000.ip.address 1723
> How do I route the GRE protocol to the Win2000 machine ?
> Do I use portfw, autofw or mfw ?
> The VPN-Masquerade HOWTO says that the 2.2 kernels need to be 
> patched to
> allow GRE and ESP protocols to be forwarded.  Is the debian 2.2.17
> kernel already patched for this or do I have to do it manually ??
> Thanks for any help.  Please CC any replies to me as well as the list.
> Thanks,
> Brendan Simon.
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact 
> listmaster@lists.debian.org

Reply to: