From owner-freebsd-ipfw Wed Feb 23 16:25:48 2000
From: "Ryan Reedy"
To: "'Chad K. Bisk'"
Subject: RE: ipfw and the GRE protocol
Date: Wed, 23 Feb 2000 17:25:55 -0700

I have successfully set up a pptp server behind ipfw/natd by doing the
following (on 3.2)

For NATD:
use the -pptpalias a.b.c.d -redirect_port a.b.c.d:1723 1723
(this will only work for one machine on the internal network as far as I can
tell)

For IPFW:
$fwcmd add pass tcp from any to a.b.c.d 1723 setup
$fwcmd add pass tcp from any to any established
$fwcmd add pass gre from any to any

a.b.c.d is the internal ip address (and the divert rule is at the top of the
list).

gre is protocol 47, I think someone was missing this in the protocols file
earlier.

I've never tried to set this up on any other version which may be causing
other issues. Also, sometimes the client has to dial, get refused and then
dial again to get connected, but I haven't taken the time to see if this is
an NT or firewall issue.

Hope this helps!

-Ryan

> Andre Chang writes:
> > Was there any resolution to this issue? I was following the thread and set up
> > a similar test environment using ipfw/natd using rules:
> >
> > $fwcmd add pass tcp from any to 192.168.10.10 1723 via fxp0
> > $fwcmd add pass log gre from any to any
>
> PPTP does not pass cleanly through address translation without
> specific support -- it's very analogous to the way active mode FTP
> works.
>
> Erik Salander is actually working on adding this support to libalias
> right now at Whistle but it won't be finished for a while.
>
> -Archie

I thought that was what natd -pptpalias a.b.c.d was for. Although truth be
told I've never been able to get a PPTP client to connect through natd to a
PPTP server behind ipfw.

-- Chad

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
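
A check for the rule set described in the message above, added here as an example (it is not part of the original post and is not an ipfw tool): it confirms that the divert rule sits above the pass rules, that the TCP 1723 setup, established and gre rules are present, and that gre maps to 47 in the protocols file. The function name check_pptp, the address 192.168.10.10 standing in for a.b.c.d, and fxp0 as the outside interface are assumptions.

```shell
#!/bin/sh
# Lint an ipfw rule script for the PPTP pass-through rules in the message.
# check_pptp RULES PROTOCOLS SERVER_IP   (hypothetical helper)
#   RULES      the "$fwcmd add ..." lines, in evaluation order
#   PROTOCOLS  contents of the protocols file (/etc/protocols)
# Prints one finding per line; prints nothing when every check passes.
check_pptp() {
    # ipfw resolves the name "gre" through the protocols file (number 47).
    printf '%s\n' "$2" |
        awk '$1 == "gre" && $2 == 47 { ok = 1 } END { exit !ok }' ||
        echo "protocols: no 'gre 47' entry"
    printf '%s\n' "$1" | awk -v ip="$3" '
        $2 != "add" { next }
        {
            n++; i = 3
            if ($i ~ /^[0-9]+$/) i++                 # optional rule number
            action = $i; i++
            if (action == "divert") { if (!divert) divert = n; next }
            if (action != "pass" && action != "allow") next
            if (!firstpass) firstpass = n
            if ($i == "log") i++                     # optional log keyword
            proto = $i; src = $(i + 2); dst = $(i + 4)
            if (proto == "tcp" && dst == ip && $(i + 5) == "1723" && / setup/) ctl = 1
            if (proto == "tcp" && / established/) est = 1
            if (proto == "gre" || proto == "47") {
                gre = 1
                if (src == "any" && dst == "any") wide = 1
            }
        }
        END {
            if (!divert) print "rules: no divert rule"
            else if (firstpass && divert > firstpass) print "rules: divert rule is below a pass rule"
            if (!ctl) print "rules: no tcp setup rule for " ip " port 1723"
            if (!est) print "rules: no tcp established rule"
            if (!gre) print "rules: no gre rule"
            else if (wide) print "note: gre rule matches any source and destination"
        }'
}

# Constructed sample: the rules from the message, with 192.168.10.10 standing
# in for a.b.c.d and fxp0 assumed as the outside interface.
SAMPLE_RULES='$fwcmd add divert natd all from any to any via fxp0
$fwcmd add pass tcp from any to 192.168.10.10 1723 setup
$fwcmd add pass tcp from any to any established
$fwcmd add pass gre from any to any'
SAMPLE_PROTOCOLS='tcp 6 TCP
gre 47 GRE'
check_pptp "$SAMPLE_RULES" "$SAMPLE_PROTOCOLS" 192.168.10.10
```

On the sample it prints only the note about the any-to-any gre rule; the other checks report a finding only when a rule or the protocols entry is missing or out of order.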