
List:       ipfilter
Subject:    Re: IPFilter 3.4.33pre1, GRE/PPTP client behind firewall
From:       "Shepherd" <chgg () shinewaysoft ! com>
Date:       2004-07-07 9:24:01
Message-ID: 00f501c46404$237ce150$3300a8c0 () Zealand

I did the same thing but I could get only 1 client connected.

----- Original Message ----- 
From: <spirilis@scitus.yi.org>
To: "Eric V. Smith" <eric@windsor.com>
Cc: <ipfilter@coombs.anu.edu.au>
Sent: Wednesday, January 14, 2004 8:07 PM
Subject: Re: IPFilter 3.4.33pre1, GRE/PPTP client behind firewall


> On Wed, Jan 14, 2004 at 07:05:39AM -0500, Eric V. Smith put into existence:
> ] 
> ] > My laptop sends packets to the corporate VPN server (12.12.12.12) with
> ] > protocol=47 (GRE), however Source IP=192.168.0.45, Dest IP=12.12.12.12.
> ] > That's fine, except my Sun box continues to send that packet out the
> ] > modem as Source=192.168.0.45, Dest=12.12.12.12 !
> ] > It does not rewrite the Source IP of the outbound GRE packet.  Are there
> ] > any rules I should add to enable this?
> ] 
> ] ....
> ] 
> ] > Also for the record, I have basic TCP/UDP NAT'ing for all boxes in my
> ] > internal LAN, using the following IPNat rule: map sppp0 192.168.0.0/24
> ] > -> 0.0.0.0/32 portmap tcp/udp 20000:30000
> ] 
> ] You're not seeing the Sun box's address as the source address on the GRE
> ] packets because you have no NAT rule for them.  You're only NAT'ing TCP
> ] and UDP, not GRE.
> ] 
> ] I don't have a ipfilter box handy to check the exact syntax, but a NAT
> ] rule such as:
> ] map sppp0 192.168.0.0/24 -> 0.0.0.0
> ] should cause packets for all protocols to be NAT'd.  I don't know if
> ] there's a way to just specify GRE.
> 
> Yep, this did the trick.  I added this right after my tcp/udp rule and was able to successfully
> connect.
> 
> Thank you VERY much!
> Now I can continue learning more about the ins and outs of these rules :)
> 
> ] 
> ] Eric.
> ] 
> ] 
> ] 
> ] 
> 
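
An added example, not part of the original messages and not IPFilter's code: a simplified Python model of the two map rules discussed in this thread, showing which rule a GRE packet matches and what a reply carries that could tell two inside clients apart. The external address 203.0.113.7, the second client 192.168.0.46 and all function names are constructed for illustration; the model assumes first-match rule order and that GRE translation carries no port.

```python
import ipaddress
from itertools import count

LAN = ipaddress.ip_network("192.168.0.0/24")
EXT_IP = "203.0.113.7"   # constructed: whatever address sppp0 currently holds
SERVER = "12.12.12.12"   # VPN server address used in the thread

# The two map rules from the thread, in load order: (protocols, portmap?)
PORTMAP_RULE = ({"tcp", "udp"}, True)   # ... portmap tcp/udp 20000:30000
ALL_PROTO_RULE = (None, False)          # map sppp0 192.168.0.0/24 -> 0.0.0.0

def translate(rules, ports, proto, src, sport=None):
    """Rewrite the source of an outbound packet; the first matching rule wins."""
    if ipaddress.ip_address(src) in LAN:
        for protos, portmap in rules:
            if protos is None or proto in protos:
                return EXT_IP, (next(ports) if portmap else sport)
    return src, sport   # no rule matched: the private source leaves unchanged

def reply_keys(rules, proto, sport, hosts):
    """Distinct (proto, server, port) tuples available to demultiplex replies."""
    ports = count(20000)
    return {(proto, SERVER, translate(rules, ports, proto, h, sport)[1])
            for h in hosts}

def demo():
    hosts = ["192.168.0.45", "192.168.0.46"]   # second client is constructed
    both = [PORTMAP_RULE, ALL_PROTO_RULE]
    return {
        "gre_portmap_only": translate([PORTMAP_RULE], count(20000), "gre", hosts[0]),
        "gre_both_rules": translate(both, count(20000), "gre", hosts[0]),
        "tcp_reply_keys": len(reply_keys(both, "tcp", 1723, hosts)),
        "gre_reply_keys": len(reply_keys(both, "gre", None, hosts)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In this model two clients behind the firewall get two distinct TCP reply keys but share a single GRE reply key toward the same server, which is consistent with only one client connecting at a time.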
