From: Max Laier
To: freebsd-pf@freebsd.org, dave
Date: Sat, 22 Jan 2005 20:34:23 +0100
Subject: Re: external connections give error 619

On Saturday 22 January 2005 07:24, dave wrote:
> Hello,
> I've got a FreeBSD vpn server with mpd going behind a pf firewall/nat
> setup. All works when internal machines connect, yet whenever I try to
> connect from an external address that is outside my network I get an error
> 619 "The specified port is not connected." Googling shows that I should
> pass both tcp port 1723 and gre traffic, this I do. My vpn box is
> 192.168.1.3, server logs show the verification of the username/password and
> the attempt to establish the connection, but then it fails, just goes down.
> Any ideas?

Not without a bit more detail about your setup. For instance, how do external
clients talk to the vpn server on its private IP? Do you use rdr for this?
Is the vpn server aware that it sits behind a NAT firewall?

Also make sure that you log blocked traffic. See pflog(4)::EXAMPLES for
details on how to watch blocked traffic. This is the easiest way to ensure
that you really pass everything that is required. If nothing suspicious
turns up there, you can try to raise the debug level of pf by issuing:
"$pfctl -x misc". Watch your console log for BAD state messages. If
anything pops up there, please let us know.

In any case, if you are stuck please reply with more details such as a
detailed setup description and pf.conf.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
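
Added example, not part of the original message or of pf itself: a small Python filter that reads the text output of tcpdump on pflog0 and reports which rule is blocking which half of a PPTP session (the tcp/1723 control channel or the GRE data channel) for the VPN box at 192.168.1.3. The log lines, interface names and client addresses are constructed, and the line layout is an assumption modelled on `tcpdump -n -e -ttt -i pflog0`; IPv4 only.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output (not from the thread).
# 203.0.113.7 and 198.51.100.9 are documentation addresses; fxp0/fxp1 are assumed
# names for the external and internal interfaces.
SAMPLE = """\
 00:00:00.000000 rule 4/0(match): pass in on fxp0: 203.0.113.7.50112 > 192.168.1.3.1723: Flags [S], seq 1, win 65535, length 0
 00:00:00.210000 rule 0/0(match): block in on fxp0: 203.0.113.7 > 192.168.1.3: GREv1, call 512, seq 0, length 60
 00:00:01.000000 rule 0/0(match): block in on fxp0: 203.0.113.7 > 192.168.1.3: GREv1, call 512, seq 1, length 44
 00:00:00.500000 rule 2/0(match): block in on fxp1: 192.168.1.3 > 203.0.113.7: GREv1, call 77, seq 0, length 60
 00:00:03.000000 rule 0/0(match): block in on fxp0: 198.51.100.9.4431 > 192.168.1.3.22: Flags [S], seq 1, win 65535, length 0
"""

LINE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?:in|out) "
    r"on \S+: (?P<src>\S+) > (?P<dst>[^\s:]+): (?P<rest>.*)"
)

def split_host(addr):
    """Split tcpdump's IPv4 'a.b.c.d.port' form; GRE lines carry no port."""
    parts = addr.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return addr, None

def blocked_pptp(text, server="192.168.1.3"):
    """Count blocked packets to or from `server`, keyed by (kind, rule number)."""
    hits = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or m["action"] != "block":
            continue
        (src, sport), (dst, dport) = split_host(m["src"]), split_host(m["dst"])
        if server not in (src, dst):
            continue
        if m["rest"].startswith("GRE"):
            kind = "gre"            # PPTP data channel (IP protocol 47)
        elif 1723 in (sport, dport):
            kind = "tcp/1723"       # PPTP control channel
        else:
            kind = "other"
        hits[(kind, int(m["rule"]))] += 1
    return hits

if __name__ == "__main__":
    for (kind, rule), n in sorted(blocked_pptp(SAMPLE).items()):
        print(f"rule {rule}: {n} blocked {kind} packet(s)")
```

The rule numbers it reports can be matched against the numbered ruleset printed by `pfctl -vv -s rules`.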