Date:      Thu, 5 Apr 2001 10:45:28 -0700
From:      "Chuck Sumner" <csumner@omnisky.com>
To:        "'Pablo Bendersky'" <pbendersky@itineri.com>, <lucas@slb.to>, <freebsd-questions@freebsd.org>
Subject:   RE: VPN: poptop
Message-ID:  <001001c0bdf8$3492f840$c803a8c0@CSUMNER>
In-Reply-To: <JPEAKMLHKPBJHAEBDFIEKELPCEAA.pbendersky@itineri.com>

well, not knowing your network layout, this may be wrong,
but it looks to me like rule 01600 is the problem.
denying all traffic from 192.168/16

if this box acts as a firewall/router, this may be useful. but, if this box
sits on an internal subnet, like 192.168/16, then this rule defeats you.

hope that helps. I'd try commenting out that line and seeing what happens.

chuck

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Pablo Bendersky
Sent: Thursday, April 05, 2001 9:27 AM
To: Chuck Sumner; lucas@slb.to; freebsd-questions@freebsd.org
Subject: RE: VPN: poptop


My machines' subnet is 192.168.0.0/24

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Chuck Sumner
Sent: Thursday, April 05, 2001 01:06 p.m.
To: 'Pablo Bendersky'; lucas@slb.to; freebsd-questions@freebsd.org
Subject: RE: VPN: poptop


what subnet do your internal machines live on?


-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Pablo Bendersky
Sent: Thursday, April 05, 2001 8:25 AM
To: lucas@slb.to; freebsd-questions@freebsd.org
Subject: RE: VPN: poptop


Could you help a little?
I've just set it up, and it works fine (the Windows client can connect
and get assigned an IP address).
The problem is that he cannot browse our internal web servers.

Maybe it is a problem with the firewall rules?
My rules are as follows:
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00500 deny ip from any to 10.0.0.0/8 via xl1
00600 deny ip from any to 172.16.0.0/12 via xl1
00700 deny ip from any to 192.168.0.0/16 via xl1
00800 deny ip from any to 0.0.0.0/8 via xl1
00900 deny ip from any to 169.254.0.0/16 via xl1
01000 deny ip from any to 192.0.2.0/24 via xl1
01100 deny ip from any to 224.0.0.0/4 via xl1
01200 deny ip from any to 240.0.0.0/4 via xl1
01300 divert 8668 ip from any to any
01400 deny ip from 10.0.0.0/8 to any via xl1
01500 deny ip from 172.16.0.0/12 to any via xl1
01600 deny ip from 192.168.0.0/16 to any via xl1
01700 deny ip from 0.0.0.0/8 to any via xl1
01800 deny ip from 169.254.0.0/16 to any via xl1
01900 deny ip from 192.0.2.0/24 to any via xl1
02000 deny ip from 224.0.0.0/4 to any via xl1
02100 deny ip from 240.0.0.0/4 to any via xl1
02200 allow ip from any to any frag
02300 allow ip from any to any
65535 deny ip from any to any

-----Original Message-----
From: Lucas Bergman [mailto:lucas@slb.to]
Sent: Wednesday, April 04, 2001 03:43 p.m.
To: Pablo Bendersky
Subject: Re: VPN: poptop


> Thanks, I've just installed it and I'm reading the manual.

Excellent.  Good luck.

Lucas


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
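
Added example, not part of the original thread: a small first-match evaluator for the rule list posted above, to check which rule a given packet hits before commenting anything out. The thread does not say which interface the VPN client's traffic crosses, so the interface passed in is an assumption (tun0 in the usage note is a hypothetical name), and the divert rule is treated as pass-through to the next rule without modelling natd's address rewriting.

```python
import ipaddress

# Rule list exactly as posted in the thread ("ipfw list" output).
RULES = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00500 deny ip from any to 10.0.0.0/8 via xl1
00600 deny ip from any to 172.16.0.0/12 via xl1
00700 deny ip from any to 192.168.0.0/16 via xl1
00800 deny ip from any to 0.0.0.0/8 via xl1
00900 deny ip from any to 169.254.0.0/16 via xl1
01000 deny ip from any to 192.0.2.0/24 via xl1
01100 deny ip from any to 224.0.0.0/4 via xl1
01200 deny ip from any to 240.0.0.0/4 via xl1
01300 divert 8668 ip from any to any
01400 deny ip from 10.0.0.0/8 to any via xl1
01500 deny ip from 172.16.0.0/12 to any via xl1
01600 deny ip from 192.168.0.0/16 to any via xl1
01700 deny ip from 0.0.0.0/8 to any via xl1
01800 deny ip from 169.254.0.0/16 to any via xl1
01900 deny ip from 192.0.2.0/24 to any via xl1
02000 deny ip from 224.0.0.0/4 to any via xl1
02100 deny ip from 240.0.0.0/4 to any via xl1
02200 allow ip from any to any frag
02300 allow ip from any to any
65535 deny ip from any to any
"""

def parse(line):
    """Split one 'ipfw list' line (only the forms used above) into fields."""
    t = line.split()
    return {"num": t[0], "action": t[1], "src": t[t.index("from") + 1],
            "dst": t[t.index("to") + 1], "frag": "frag" in t,
            "via": t[t.index("via") + 1] if "via" in t else None}

def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(src, dst, iface, frag=False):
    """Return (number, action) of the first terminal rule the packet hits."""
    for r in map(parse, RULES.splitlines()):
        applies = (r["via"] in (None, iface) and (frag or not r["frag"])
                   and addr_match(r["src"], src) and addr_match(r["dst"], dst))
        # Assumption: divert hands the packet to natd, which reinjects it at
        # the next rule; natd's address rewriting is not modelled here.
        if applies and r["action"] != "divert":
            return r["num"], r["action"]
```

With constructed addresses, first_match("192.168.0.10", "203.0.113.5", "xl1") returns ("01600", "deny"), while the same source crossing a different interface, first_match("192.168.0.10", "192.168.0.20", "tun0"), falls through to ("02300", "allow").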

