From owner-freebsd-ipfw Wed Feb 23 7:14: 1 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from zero.arkaine.com (zero.arkaine.com [206.217.210.40]) by hub.freebsd.org (Postfix) with ESMTP id 98CAB37B8D2 for ; Wed, 23 Feb 2000 07:13:49 -0800 (PST) (envelope-from andre@arkaine.com)
Received: from s.arkaine.com (s.arkaine.com [192.168.10.10]) by zero.arkaine.com (8.9.3/8.9.3) with ESMTP id LAA02410; Wed, 23 Feb 2000 11:07:26 -0500 (EST) (envelope-from andre@arkaine.com)
Received: by s.arkaine.com with Internet Mail Service (5.5.2650.21) id ; Wed, 23 Feb 2000 10:15:33 -0500
Message-ID: <6C191944837ED311863A00104BC7598F77C2@s.arkaine.com>
From: Andre Chang
To: "'Archie Cobbs'" , jeff@nerdpower.com
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: RE: ipfw and the GRE protocol
Date: Wed, 23 Feb 2000 10:15:32 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

Was there any resolution to this issue? I was following the thread and set up a similar test environment using ipfw/natd using rules:

    $fwcmd add pass tcp from any to 192.168.10.10 1723 via fxp0
    $fwcmd add pass log gre from any to any

(where 192.168.10.10 is the internal NT machine)

It seems that there is initial connectivity, but when the client starts passing the gre packets, the ipfw/natd machine accepts and logs them but doesn't pass them to the internal NT machine. The client times out with the error "The computer you are dialing dosent respond to a network request.." and the server logs an "authentication timeout". I've tried a static natd ip address with the same results.

I'm thinking that if the FreeBSD machine is set up with bridge/ipfw instead of ipfw/natd the gre packets would reach their final destination? Maybe this is a better firewalling configuration? .. Maybe I'm getting ahead of myself.

Any info greatly appreciated. Thanks.

-- Andre.

-----Original Message-----
From: Archie Cobbs [mailto:archie@whistle.com]
Sent: Tuesday, February 22, 2000 3:57 PM
To: jeff@nerdpower.com
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ipfw and the GRE protocol

Jeff Lush writes:
> I'm trying to setup VPN to an NT machine going through ipfw/natd. All
> documentation says to open the GRE protocol on the firewall; however, I
> can't find any documentation on how to enable the GRE protocol on all ports.
> I would appreciate some advice.

Did you try this?

    ipfw add 100 allow gre from any to any

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message