[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PPTP and Firewalls

>Does the PPTP server have a real IP address, or is there some sort of 
>NAT/DNAT/SNAT being done by the firewall?
The PPTP server doesn't have a real IP, part of the problem for me is trying
to get the DNAT/SNAT rules working properly. As I understand it, I need to DNAT
all GRE traffic to the PPTP server and SNAT it back again, but I can't quite
figure out the rules.

>What do you see with a tcpdump on the firewall, and does the server's ConfReq

>actually make it to the client at all?
The tcpdump shows packets being sent into both sides of the firewall, but never
coming out of it. This quite clearlt indicates that my GRE forwarding rules
are wrong, but I can't figure out what the right ones are.

>Can the PPTP server ping the client?
The server can ping the client IP fine, the firewall seems to work correctly
for everything other than the GRE packets.

>Have you explicitly allowed GRE traffic through the firewall?
I'm trying, but I think that's what I've got wrong. If you could give me some
example rules that would do this, that'd be really appreciated.

Thanks for the help.

>GPG : http://n12turbo.com/tarragon/public.key
>To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Reply to: