[Shorewall-users] PPTP through the firewall

Bear bear@amberorder.com
Wed, 16 Jan 2002 09:11:59 -0800

Do you have a:

ACCEPT    loc   net    gre  47 

In there somewhere?

John S.

-----Original Message-----
From: shorewall-users-admin@shorewall.net
[mailto:shorewall-users-admin@shorewall.net]On Behalf Of Arjan J.
Sent: Wednesday, January 16, 2002 8:49 AM
To: shorewall-users@shorewall.net
Subject: [Shorewall-users] PPTP through the firewall


I'm using Shorewall to configure a firewall (RedHat 7.2) for a company I
work for. It works great, but I'm having some troubles with setting up
PPTP though. 

My configuration is as follows: the (test)firewall is the only linuxish
thing in the network, all the rest is Microsoft stuff. The users want to
log on to the corporate network over the internet, so some RAS
functionality was added to one of the (windows) servers. If I test it
over the local network everything works fine (a VPN connection is
created, or at least windows tells me it is). If I try to access the
network from the internet I get timeouts.
I turned on all logging on the firewall and noticed that packages were
accepted by the firewall and sent to the appropriate server:

Jan 16 17:06:19 test-firewall kernel: Shorewall:net2loc:ACCEPT:IN=eth1
OUT=eth0 SRC= DST= LEN=48 TOS=0x00 PREC=0x00
TTL=127 ID=12089 DF PROTO=TCP SPT=2634 DPT=1723 WINDOW=16384 RES=0x00

...but no data is going back. There are no restrictions on
local->internet traffic. I've read the document on the homepage and
added the rules to the shorewall/rules file:

ACCEPT:6 net loc:$LOC_SERVER2 tcp 1723  -  all
ACCEPT:6 net loc:$LOC_SERVER2 gre 47    -  all

I can do it this way, can't I?

Maybe it's not even a firewall issue, but maybe someone experienced the
same trouble...


Arjan Molenaar

PS. Please CC me since I'm not subscribed to the list...
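
Added example, not part of either message above: a small Python check that reads Shorewall kernel log lines in the format quoted in the original post and reports which PPTP legs (TCP 1723 control, GRE data) were accepted in each direction. The sample lines and addresses are constructed, the `loc2net` chain name follows Shorewall's zone2zone naming, and it assumes the relevant traffic is being logged.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log entry quoted in the post;
# addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Jan 16 17:06:19 test-firewall kernel: Shorewall:net2loc:ACCEPT:IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=12089 DF PROTO=TCP SPT=2634 DPT=1723 WINDOW=16384 RES=0x00
Jan 16 17:06:19 test-firewall kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=501 DF PROTO=TCP SPT=1723 DPT=2634 WINDOW=17520 RES=0x00
Jan 16 17:06:20 test-firewall kernel: Shorewall:net2loc:ACCEPT:IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=61 TOS=0x00 PREC=0x00 TTL=127 ID=12093 PROTO=47
Jan 16 17:06:23 test-firewall kernel: Shorewall:net2loc:ACCEPT:IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=61 TOS=0x00 PREC=0x00 TTL=127 ID=12101 PROTO=47
"""

LINE_RE = re.compile(r"Shorewall:(?P<chain>\w+):(?P<verdict>\w+):(?P<fields>.*)$")

def parse(line):
    """Split one Shorewall log line into chain, verdict and KEY=VALUE fields."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"]}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        rec[key] = value if sep else True   # bare flags such as DF
    return rec

def pptp_leg(rec):
    """Classify a record as PPTP 'control' (TCP 1723), 'gre', or None."""
    proto = rec.get("PROTO")
    if proto == "47":   # the netfilter LOG target prints GRE by number
        return "gre"
    if proto == "TCP" and "1723" in (rec.get("SPT"), rec.get("DPT")):
        return "control"
    return None

def summarize(log_text):
    """Count PPTP-related records per (chain, leg, verdict)."""
    seen = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        leg = pptp_leg(rec) if rec else None
        if leg:
            seen[(rec["chain"], leg, rec["verdict"])] += 1
    return seen

def missing_legs(seen, chains=("net2loc", "loc2net")):
    """List (chain, leg) pairs with no ACCEPT entry in the log."""
    return [(c, leg) for c in chains for leg in ("control", "gre")
            if seen[(c, leg, "ACCEPT")] == 0]
```

On the constructed sample, `missing_legs(summarize(SAMPLE_LOG))` returns `[("loc2net", "gre")]`, meaning no GRE packet was logged leaving toward the client.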
