[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    vpn cannot  connected
From:       "sunjun" <sunjun () egotop ! com>
Date:       2004-03-18 4:55:43
Message-ID: 200403180455.i2I4tnn2012840 () cairo ! anu ! edu ! au
[Download RAW message or body]

hi,

help , look my  ipf rule 

rl1 is connected to our external
server run mpd (vpn),
only permit vpn client connect in rl1 ,other all deny
but permit rl1 go out

-----------------------
block in  quick on rl1 all head 12
pass  in  quick on rl1 proto tcp from any to any port = 1723 keep state
group 12
pass  out quick on rl1 all keep state
-----------------------


now, vpn cannot  connected,

where  error  ??



all rule
-----------------
#block in quick all with frag
 block in quick all with short
 block in quick all with ipopts
 block in quick all with opt lsrr
 block in quick all with opt ssrr
 block in proto icmp from any to any
 pass out proto icmp from any to any keep state

# Internet
 block in  quick on rl1 all head 12
 pass  in  quick on rl1 proto tcp from any to any port = 1723 keep state
group 12
 pass  out quick on rl1 all keep state

# Intranet
 pass in quick on rl0 proto tcp/udp from 172.16.1.10/32 to 172.16.1.7/32
port = 229
 pass in quick on rl0 proto tcp/udp from 172.16.12.0/32 to 172.16.1.7/32
port = 229
 pass in quick on rl0 proto tcp/udp from 172.16.1.67/32 to 172.16.1.7/32
port = 229
 block in quick on rl0 proto tcp/udp from any to any port = 229
 block in quick on rl0 proto tcp/udp from any to any port 136 >< 140
 pass out quick on rl0 proto tcp/udp from 172.16.3.0/24 to 172.16.0.0/16
port 136 >< 140 keep state

 block in quick on rl0 proto tcp/udp from any to any port 6900 >< 7000
 block in quick on rl0 proto tcp/udp from any to any port 7800 >< 7900
 block in quick on rl0 proto tcp/udp from any to any port 8880 >< 9000

 block in quick on rl0 proto tcp/udp from any to any port = 25

[prev in list] [next in list] [prev in thread] [next in thread]