From: Clint Wilson
Date: Thu, 28 Apr 2005 09:23:51 -0500
To: freebsd-isp@freebsd.org
Subject: Re: ipfw/natd broken?
Message-ID: <4270F1F7.7010609@southerncomp.com>
In-Reply-To: <427019F3.6000000@psknet.com>
References: <427019F3.6000000@psknet.com>
List-Id: Internet Services Providers

Troy Settle wrote:

> All,
>
> I have a box (486, 16mb) running FreeBSD 3.51-something. It's been in
> service for the better part of 10 years (originally 2.0.5 or so).
> It's acting as a router/nat device for a network with about 50 desktop
> systems, and has never given me a problem until this week.

Troy, I would highly highly recommend upgrading your system. It is apparent it has internet access, and there are numerous exploits that could compromise the integrity of your entire network.

> It seems that VPN (PPTP) won't work behind NAT. I can use VPN tunnels
> from XP PRO to both windows servers and linux-based VPN servers all
> day long from home using my netgear broadband router, but from this
> location, behind the FreeBSD box, they won't work.

The aforementioned being said, I am unaware at this time of any reason why this might not work on 3.5. I am currently doing this same setup, IPFW+NATD+FreeBSD 4.11 (soon to be upgraded to 5.4), and it is working with no problems. There have been a lot of changes to IPFW since your version of FreeBSD. I am also sure the natd daemon has been revised as well since your version. I would upgrade to 5.4, set your nat and ipfw back up, and see if the problem is still there.

> What gives?

--
Clint Wilson
Southern Comp Solutions LLC
http://www.scsisp.com