Re: IPChains and VPN

[Simeon Johnston <simeonuj () eetc com>]

I have just recompiled the kernel.  Was 2.2.14-5.0, the original kernel.
I downloaded 2.2.17 and compiled it,  works, need some configuration.
Does this new kernel need any patches to work with VPN?
The only problem with this kernel is that it renumbered the ethernet cards,
eth2 is now eth0 and eth0 is eth1 ( I think).
Havn't been able to test it because it is already installed and is acting as
the router for our network but this sounds like it should do it.

I'll have to test it next week, late at night.
thanks

sim

> From: Horkan Smith <horkan () horkan net>
> Date: Thu, 7 Sep 2000 15:02:12 -0700
> To: Simeon Johnston <simeonuj () eetc com>
> Subject: Re: [fw-wiz] IPChains and VPN
>
>
>
> I'm not sure I understand your configuration completely, but here goes:
>
> We have an NT server running PPTP located inside of our firewall.  The
> firewall is a Linux box running ipchains w/ masquerading.  In order
> to allow connections from outside into our PPTP server, I patched the
> kernel on the firewall machine using John Hardin's VPN Masquerade
> patches, then added the following to the startup script:
>
> # VPN: for an MS VPN server at 10.2.2.14
> # note that 'dialup' win98 clients won't work if the outside address isn't
> # the primary ip for that interface - i.e., use the addr for eth1, not eth1:1
> ipmasqadm portfw -a -P tcp -L outside.ip.address 1723 -R 10.2.2.14 1723
> ipfwd --masq 10.2.2.14 47 >/dev/null 2>&1 &
>
>
> The 'ipmasqadm portfw' line forwards tcp traffic from the outside that's
> destined for port 1723 onto the actual server at 10.2.2.14.
> The 'ipfwd' line forwards any traffic for *protocol* (not port) 47 to
> the same machine (10.2.2.14).
>
> There was a *lot* of work put into the MS machines (w/ patches, registry
> settings etc) to lock 'em down, then a lot more work to actually have
> 'em operate that way....  But, that seemed to be independent of the
> masquerade and firewall stuff.
>
> Hope that helps!
> horkan
>
>
> On Thu, Sep 07, 2000 at 03:41:27PM -0500, Simeon Johnston wrote:
> > On our network is a Alpha running linux with PoPToP running.  We are able to
> > connect to it just fine inside the network, but outside the firewall it is
> > not possible.  I have consulted many howtos, most of them rather old, that
> > were really useless.  They describe setting up the VPN server, then you do a
> > ton of patches, then it should magically work.
> > Useless information.
> >
> > Does anyone know how to do this, or where to find a "good" howto.
> > Any help would be appreciated
> >
> > sim 
> >
> > _______________________________________________
> > Firewall-wizards mailing list
> > Firewall-wizards () nfr net
> > http://www.nfr.net/mailman/listinfo/firewall-wizards
>
> -- 
> Horkan Smith
> 425-558-1124 Home, 206-786-9315 cell, horkan () iname com email


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards