Date: Wed, 23 Feb 2000 12:08:29 -0700
From: "Jeff Lush" <jeff@nerdpower.com>
To: "Andre Chang" <andre@arkaine.com>, "'Archie Cobbs'" <archie@whistle.com>
Cc: <freebsd-ipfw@FreeBSD.ORG>
Subject: RE: ipfw and the GRE protocol
Message-ID: <NDBBKIMGBBOBEOPLFCHIOEONCJAA.jeff@nerdpower.com>
In-Reply-To: <6C191944837ED311863A00104BC7598F77C2@s.arkaine.com>

Andre,

I am having the same problems with natd/ipfw. NT accepts the connection on
1723, then the client stops on error 650. I have tried everything I can
think of, but here is a thought:

I have natd set up to read natd.conf.
In natd.conf I have:
--
redirect_port tcp 192.168.10.14:1723 199.185.130.34:1723 # Allows for initial connection to VPN
--
Then I add " -pptpalias 192.168.10.14" to the natd startup in rc.network

When I boot it, I get no screen info that says pptpalias is functioning. My
thinking was this was my problem (pptpalias not working), but now that I see
you're having the same problem, I am changing my mind.

Any ideas or comments are always appreciated.

-Jeff

> Hi,
>
> Was there any resolution to this issue? I was following the thread and
> set up a similar test environment using ipfw/natd using rules:
>
> $fwcmd add pass tcp from any to 192.168.10.10 1723 via fxp0
> $fwcmd add pass log gre from any to any
>
> (where 192.168.10.10 is the internal NT machine)
>
> It seems that there is initial connectivity but when the client starts
> passing the gre packets, the ipfw/natd machine accepts and logs them but
> doesn't pass them to the internal NT machine. The client times out with the
> error "The computer you are dialing dosent respond to a network request.."
> and the server logs an "authentication timeout".
>
> I've tried a static natd ip address with the same results. I'm thinking
> that if the FreeBSD machine is set up with bridge/ipfw instead of ipfw/natd
> the gre packets would reach their final destination? Maybe this is a better
> firewalling configuration? .. Maybe I'm getting ahead of myself.
>
> Any info greatly appreciated. Thanks.
>
> -- Andre.
>
> -----Original Message-----
> From: Archie Cobbs [mailto:archie@whistle.com]
> Sent: Tuesday, February 22, 2000 3:57 PM
> To: jeff@nerdpower.com
> Cc: freebsd-ipfw@FreeBSD.ORG
> Subject: Re: ipfw and the GRE protocol
>
>
> Jeff Lush writes:
> > I'm trying to setup VPN to an NT machine going through ipfw/natd. All
> > documentation says to open the GRE protocol on the firewall; however, I
> > can't find any documentation on how to enable the GRE protocol on all
> > ports.
> > I would appreciate some advice.
>
> Did you try this?
>
> ipfw add 100 allow gre from any to any
>
> -Archie
>
> ___________________________________________________________________________
> Archie Cobbs   *   Whistle Communications, Inc.   *   http://www.whistle.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message