Date:      Tue, 01 Apr 2003 21:23:22 +0100
From:      John Murphy <jfm@blueyonder.co.uk>
To:        questions@FreeBSD.ORG
Subject:   Re: VPN pass through?
Message-ID:  <c8tj8v8d829lvtejk4v9i9fqju0t176d8b@4ax.com>

"Mark-Nathaniel Weisman" <mark@outlander.us> wrote:
<long lines re-formatted>
>I have a W2K VPN server (RRAS using PPTP) set up behind my FreeBSD firewall.
>I also have a web server, mail server, and several others. I've set up my
>ipfw to allow packets for port 1723 on both tcp and udp from any to any,
>and set up NATD to redirect_port 1723 to the internal address of my VPN
>box. I am unable to pass the packets through, and when I put the redirect
>statement in my natd.conf file, none of the redirection works. I've tried
>redirecting both the port and the protocol to no avail.
>Can someone take a moment to explain where I'm going wrong?

You need to pass proto gre.  Ipfw may do this by default, I'm not sure,
but I had to add:

pass in quick on ed0 proto gre all
pass out quick on ed0 proto gre all

to get a VPN working through an ipf firewall.

You may not need to redirect 1723 if the firewall is 'stateful'
and you initiate the connection from 'this' end.

HTH
John.
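A worked ipfw/natd ruleset for the setup discussed in this thread, added here as an example and not code from either poster: it passes the PPTP control channel (TCP 1723) and the GRE data channel (IP protocol 47, which has no ports and therefore needs redirect_proto rather than redirect_port) to an internal server. The interface name ed0, the address 192.168.1.10 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Passing PPTP through a FreeBSD
# ipfw + natd firewall to an internal RRAS server.
EXT_IF="ed0"                # assumed external interface (constructed)
VPN_SERVER="192.168.1.10"   # assumed internal PPTP server (constructed)

# natd.conf contents: 1723/tcp is a port redirect, but GRE carries no
# ports, so the tunnel packets need redirect_proto instead.
natd_conf() {
    cat <<EOF
interface ${EXT_IF}
redirect_port tcp ${VPN_SERVER}:1723 1723
redirect_proto gre ${VPN_SERVER}
EOF
}

# Emit or load the ipfw rules. $1 is the ipfw command; passing
# "echo ipfw" prints the rules instead of installing them.
pptp_rules() {
    fw="${1:-echo ipfw}"
    # Divert both directions through natd before filtering, so the
    # inbound rules below see the translated (internal) destination.
    ${fw} add 100 divert natd ip from any to any via "${EXT_IF}"
    # Control channel: PPTP is TCP only; UDP 1723 is not needed.
    ${fw} add 200 allow tcp from any to "${VPN_SERVER}" 1723 in via "${EXT_IF}"
    # Data channel: without GRE the handshake completes but no tunnel forms.
    ${fw} add 210 allow gre from any to "${VPN_SERVER}" in via "${EXT_IF}"
    # Replies leave already translated to the firewall's own address.
    ${fw} add 300 allow tcp from any 1723 to any out via "${EXT_IF}"
    ${fw} add 310 allow gre from any to any out via "${EXT_IF}"
}

# Dry run by default; set PPTP_APPLY=yes to load the rules with /sbin/ipfw.
if [ "${PPTP_APPLY:-no}" = "yes" ]; then
    pptp_rules /sbin/ipfw
else
    natd_conf
    pptp_rules "echo ipfw"
fi
```

If only internal hosts ever initiate PPTP sessions outward, the two redirect lines and the inbound 1723 rule can be dropped, as John notes; the GRE rules are still required in both directions.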


