Firewall Wizards mailing list archives

Re: IPChains and VPN


From: Simeon Johnston <simeonuj () eetc com>
Date: Mon, 11 Sep 2000 16:06:35 -0500

We decided to use IPSec on the firewall instead of PPTP.  It is more secure
and the clients are free.  Thanks for your feedback, I'm pretty sure it
would have worked.

thanks
sim

We have an NT server running PPTP located inside of our firewall.  The
firewall is a Linux box running ipchains w/ masquerading.  In order
to allow connections from outside into our PPTP server, I patched the
kernel on the firewall machine using John Hardin's VPN Masquerade
patches, then added the following to the startup script:

# VPN: for an MS VPN server at 10.2.2.14
# note that 'dialup' win98 clients won't work if the outside address isn't
# the primary ip for that interface - i.e., use the addr for eth1, not eth1:1
ipmasqadm portfw -a -P tcp -L outside.ip.address 1723 -R 10.2.2.14 1723
ipfwd --masq 10.2.2.14 47 >/dev/null 2>&1 &


The 'ipmasqadm portfw' line forwards tcp traffic from the outside that's
destined for port 1723 onto the actual server at 10.2.2.14.
The 'ipfwd' line forwards any traffic for *protocol* (not port) 47 to
the same machine (10.2.2.14).

Hope that helps!
horkan


On Thu, Sep 07, 2000 at 03:41:27PM -0500, Simeon Johnston wrote:
On our network is an Alpha running Linux with PoPToP running.  We are able to
connect to it just fine inside the network, but outside the firewall it is
not possible.  I have consulted many howtos, most of them rather old, that
were really useless.  They describe setting up the VPN server, then you do a
ton of patches, then it should magically work.
Useless information.

Does anyone know how to do this, or where to find a "good" howto?
Any help would be appreciated.

sim
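
The port-versus-protocol distinction in the quoted startup script, as an added example that is not part of any post in this thread: a simplified model of which inbound IPv4 packets the two forwarding rules would pass to 10.2.2.14. OUTSIDE_IP is a constructed stand-in for outside.ip.address, and the function names and sample packets are hypothetical.

```python
import socket
import struct

PPTP_SERVER = "10.2.2.14"   # inside server, from the post
OUTSIDE_IP = "192.0.2.1"    # assumption: stand-in for outside.ip.address
PPTP_CONTROL_PORT = 1723    # TCP port of the PPTP control channel
IPPROTO_GRE = 47            # IP protocol number, not a port

def classify(packet: bytes) -> str:
    """Say which of the two forwarding rules, if any, matches an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not IPv4"
    ihl = (packet[0] & 0x0F) * 4                 # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "drop: bad header length"
    proto = packet[9]                            # IPv4 protocol field
    dst = socket.inet_ntoa(packet[16:20])
    if proto == IPPROTO_GRE:                     # 'ipfwd' rule: any protocol 47
        return f"ipfwd: protocol 47 -> {PPTP_SERVER}"
    if proto == socket.IPPROTO_TCP and dst == OUTSIDE_IP:
        if len(packet) < ihl + 4:
            return "drop: truncated TCP header"
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        if dport == PPTP_CONTROL_PORT:           # 'ipmasqadm portfw' rule
            return f"portfw: tcp/1723 -> {PPTP_SERVER}:1723"
    return "no match: not forwarded"

def ipv4(proto: int, dst: str, payload: bytes = b"", src: str = "198.51.100.7") -> bytes:
    """Build a constructed IPv4 packet (checksum left zero; classify ignores it)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def tcp_ports(sport: int, dport: int) -> bytes:
    """Constructed 20-byte TCP header with only the port fields filled in."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 16

if __name__ == "__main__":
    samples = {  # all packets below are constructed test input
        "PPTP control": ipv4(6, OUTSIDE_IP, tcp_ports(40000, 1723)),
        "GRE tunnel": ipv4(47, OUTSIDE_IP, b"\x00" * 8),
        "TCP to port 47": ipv4(6, OUTSIDE_IP, tcp_ports(40000, 47)),
        "UDP port 1723": ipv4(17, OUTSIDE_IP, struct.pack("!HHHH", 40000, 1723, 8, 0)),
    }
    for name, pkt in samples.items():
        print(f"{name:16} {classify(pkt)}")
```

A TCP packet to port 47 is not forwarded: only the IP header's protocol field selects the second rule.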

