Date: Tue, 01 Apr 2003 21:23:22 +0100
From: John Murphy <jfm@blueyonder.co.uk>
To: questions@FreeBSD.ORG
Subject: Re: VPN pass through?
Message-ID: <c8tj8v8d829lvtejk4v9i9fqju0t176d8b@4ax.com>

"Mark-Nathaniel Weisman" <mark@outlander.us> wrote:
<long lines re-formatted>

>I have a W2K VPN server (RRAS using PPTP) set up behind my FreeBSD firewall.
>I also have a web server, mail server, and several others. I've set up my
>ipfw to allow packets for port 1723 on both tcp and udp from any to any,
>and set up NATD to redirect_port 1723 to the internal address of my VPN
>box. I am unable to pass the packets through, and when I put the redirect
>statement in my natd.conf file, none of the redirection works. I've tried
>redirecting both the port and the protocol to no avail.
>Can someone take a moment to explain where I'm going wrong?

You need to pass proto gre. Ipfw may do this by default, I'm not sure,
but I had to add:

    pass in quick on ed0 proto gre all
    pass out quick on ed0 proto gre all

to get a VPN working through an ipf firewall.

You may not need to redirect 1723 if the firewall is 'stateful' and
you initiate the connection from 'this' end.

HTH
John.
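Added example, not part of the original message: the ipfw/natd counterpart of the ipf GRE rules in the reply above, for the setup the question describes. PPTP uses TCP 1723 for control and GRE (IP protocol 47) for data; it has no UDP component. The address 192.168.1.10, the rule numbers, and ed0 as the outside interface on the ipfw box are assumed placeholders, and the rest of the ruleset is assumed to exist.

```conf
# --- /etc/natd.conf (fragment) ---
# Control channel: PPTP uses TCP 1723 only, so the protocol must be named.
# 192.168.1.10 is a placeholder for the internal RRAS server.
redirect_port tcp 192.168.1.10:1723 1723
# Data channel: GRE has no ports, so redirect_port cannot carry it;
# redirect_proto forwards the whole protocol to the VPN host.
redirect_proto gre 192.168.1.10

# --- ipfw rules file (fragment), loaded with: ipfw <rules-file> ---
# ed0 is assumed to be the outside interface, as in the ipf rules above.
# Hand traffic crossing the outside interface to natd first.
add 100 divert natd all from any to any via ed0
# PPTP control connection, both directions.
add 200 allow tcp from any to any 1723
add 210 allow tcp from any 1723 to any
# GRE tunnel traffic, equivalent to "pass in/out quick ... proto gre all".
add 220 allow gre from any to any
```

Once the tunnel works, the any-to-any matches can be narrowed to the known remote peers; `ipfw show` lists per-rule packet counters, which shows whether GRE is reaching rule 220 at all.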
