Re: PPTP and Firewalls

To: debian-isp@lists.debian.org
Subject: Re: PPTP and Firewalls
From: khaosse_angel@alpha.net.au
Date: Sun, 11 May 2003 20:00:39 +1000
Message-id: <[🔎] 3ebe1f47.636a.0@alpha.net.au>
Reply-to: khaosse_angel@alpha.net.au


>Does the PPTP server have a real IP address, or is there some sort of 
>NAT/DNAT/SNAT being done by the firewall?
>
The PPTP server doesn't have a real IP, part of the problem for me is trying
to get the DNAT/SNAT rules working properly. As I understand it, I need to DNAT
all GRE traffic to the PPTP server and SNAT it back again, but I can't quite
figure out the rules.

>What do you see with a tcpdump on the firewall, and does the server's ConfReq

>actually make it to the client at all?
>
The tcpdump shows packets being sent into both sides of the firewall, but never
coming out of it. This quite clearlt indicates that my GRE forwarding rules
are wrong, but I can't figure out what the right ones are.

>Can the PPTP server ping the client?
>
The server can ping the client IP fine, the firewall seems to work correctly
for everything other than the GRE packets.

>Have you explicitly allowed GRE traffic through the firewall?
>
I'm trying, but I think that's what I've got wrong. If you could give me some
example rules that would do this, that'd be really appreciated.

Thanks for the help.

>t
>-- 
>GPG : http://n12turbo.com/tarragon/public.key
>
>
>-- 
>To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

>

Reply to:

Follow-Ups:
- Re: PPTP and Firewalls
  - From: Shri Shrikumar <shri@urbyte.com>

Prev by Date: Re: Smart Array 641 ?
Next by Date: can't compile courier-imap with authmysql *G*
Previous by thread: Re: PPTP and Firewalls
Next by thread: Re: PPTP and Firewalls
Index(es):
- Date
- Thread