
Re: Problems trying to setup a pptp server behind a firewall



Hi,

On Sun, 17 Mar 2002, Raúl Alexis Betancort Santana wrote:

>  Hi all, I'm trying to do the next setup ...
>
>  Inet <-> Sid FW (Pc1,eth1-inet,eth0-lan) <-> Sid PPTPd (Pc2,eth0-lan)
>
>  On the PC1 I have done this
>
>  iptables -t nat -A PREROUTING -p gre -j DNAT --to 192.168.0.2
>  iptables -t nat -A PREROUTING -p tcp --dport 1723 -j DNAT --to 192.168.0.2
>
>  Along with other rules that don't get into collision with these ones
>
>  When I try to make a conx from a WinXX machine with the VPN support
> (pptp), it connects (I saw the pptpd launching the pppd on the PC2),
> and there is GRE traffic (tcpdump -i eth0 proto gre; on pc2 shows
> that), but the WinXX machine always stays saying "Checking username and
> password" till it gets a timeout.
>
>  Apart from a possible problem with the pptpd/pppd config, are these
> rules OK to *forward* such kind of traffic from the FW to the internal
> server ?

Have you checked whether GRE traffic in the other direction is allowed
as well by PC1?

Also, what is pppd doing with the incoming traffic? Turn pppd debugging
on and see if it actually receives the PPP LCP packets from the client.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   e-advies@evbergen.xs4all.nl
tel. +31 (0)70 3906153        |   http://www.e-advies.info
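
Added example, not part of the original thread: one way to run the check suggested above (is GRE allowed through PC1 in both directions?) against `iptables-save` output. The function name `check_gre_forward` and the sample ruleset are constructed for illustration; the address and interface names are the ones from the post. It assumes no PPTP connection-tracking helper is loaded, so GRE needs an explicit ACCEPT in at least one direction, and it does not evaluate DROP/REJECT rules or user-defined chains.

```shell
#!/bin/sh
# check_gre_forward SERVER_IP WAN_IF LAN_IF < iptables-save output (hypothetical helper)
# Prints "in=<yes|no> out=<yes|no>"; returns 0 only if GRE passes FORWARD both ways.
check_gre_forward() {
    awk -v srv="$1" -v wan="$2" -v lan="$3" '
    /^\*/ { table = substr($1, 2); next }
    table != "filter" { next }
    # Policy ACCEPT passes both ways (DROP/REJECT rules are not evaluated).
    $1 == ":FORWARD" && $2 == "ACCEPT" { gre_in = 1; gre_out = 1 }
    $1 == "-A" && $2 == "FORWARD" {
        proto = src = dst = iif = oif = tgt = ""; est = neg = 0
        for (i = 3; i < NF; i++) {
            if ($i == "!") neg = 1              # negated matches: skip the rule
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-s") src = $(i + 1); if ($i == "-d") dst = $(i + 1)
            if ($i == "-i") iif = $(i + 1); if ($i == "-o") oif = $(i + 1)
            if ($i == "-j") tgt = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") est = ($(i + 1) ~ /ESTABLISHED/)
        }
        if (tgt != "ACCEPT" || neg) next
        e = (proto == "gre" || proto == "47")   # explicit GRE (IP protocol 47) rule
        s = (proto == "" && est)                # any-protocol ESTABLISHED rule
        if (!e && !s) next
        sub(/\/32$/, "", src); sub(/\/32$/, "", dst)
        any = ((src dst iif oif) == "")         # rule not tied to a direction
        d_in  = any || iif == wan || oif == lan || dst == srv
        d_out = any || iif == lan || oif == wan || src == srv
        if (e) { gre_in = gre_in || d_in; gre_out = gre_out || d_out }
        if (s) { est_in = est_in || d_in; est_out = est_out || d_out }
    }
    END {
        # Replies ride on conntrack only after the other side was let in explicitly.
        inb  = gre_in  || (est_in  && gre_out)
        outb = gre_out || (est_out && gre_in)
        printf "in=%s out=%s\n", (inb ? "yes" : "no"), (outb ? "yes" : "no")
        exit !(inb && outb)
    }'
}
# Constructed sample FORWARD chain for PC1: PPTP control both ways, GRE inbound only.
sample_inbound_only() {
cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.0.2/32 -i eth1 -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -s 192.168.0.2/32 -i eth0 -p tcp -m tcp --sport 1723 -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -i eth1 -p gre -j ACCEPT
COMMIT
EOF
}
```

On the firewall itself the same check would be `iptables-save | check_gre_forward 192.168.0.2 eth1 eth0`; for the constructed sample it reports `in=yes out=no`.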


