From owner-freebsd-net@FreeBSD.ORG Thu Jul 17 13:20:09 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A3A4237B401 for ; Thu, 17 Jul 2003 13:20:09 -0700 (PDT) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id CCB4E43F3F for ; Thu, 17 Jul 2003 13:20:08 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id OAA03516; Thu, 17 Jul 2003 14:19:51 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20030717141336.029bbb70@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 17 Jul 2003 14:19:47 -0600 To: Michael Bretterklieber From: Brett Glass In-Reply-To: <20030717214046.D365@worf.jawa.at> References: <200307171936.NAA03141@lariat.org> <200307171936.NAA03141@lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" cc: net@freebsd.org Subject: Re: NAT and PPTP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jul 2003 20:20:10 -0000 At 01:44 PM 7/17/2003, Michael Bretterklieber wrote: >that's not true, libalias (=natd) very well supports PPTP-nat. Maybe the >problem is in your firewall. Firewalls have to pass protocl 47 (=GRE) in >order to get PPTP to work. It is. In fact, I think that may be part of the problem. I didn't set this firewall up, but I do see a rule in there, fairly early on, that says "allow gre from any to any". Apparently, the literature says to add this. It occurs to me that this rule may cause the packets to bypass natd. On the other hand, if it's removed, the GRE packets seem to get blocked. Hmmm. --Brett