Firewall Wizards mailing list archives
Re: IPChains and VPN
From: Simeon Johnston <simeonuj () eetc com>
Date: Fri, 08 Sep 2000 08:01:15 -0500
I have just recompiled the kernel. Was 2.2.14-5.0, the original kernel. I downloaded 2.2.17 and compiled it, works, need some configuration. Does this new kernel need any patches to work with VPN? The only problem with this kernel is that it renumbered the ethernet cards, eth2 is now eth0 and eth0 is eth1 (I think).

Haven't been able to test it because it is already installed and is acting as the router for our network but this sounds like it should do it. I'll have to test it next week, late at night.

thanks
sim

From: Horkan Smith <horkan () horkan net>
Date: Thu, 7 Sep 2000 15:02:12 -0700
To: Simeon Johnston <simeonuj () eetc com>
Subject: Re: [fw-wiz] IPChains and VPN

I'm not sure I understand your configuration completely, but here goes:

We have an NT server running PPTP located inside of our firewall. The firewall is a Linux box running ipchains w/ masquerading. In order to allow connections from outside into our PPTP server, I patched the kernel on the firewall machine using John Hardin's VPN Masquerade patches, then added the following to the startup script:

    # VPN: for an MS VPN server at 10.2.2.14
    # note that 'dialup' win98 clients won't work if the outside address isn't
    # the primary ip for that interface - i.e., use the addr for eth1, not eth1:1
    ipmasqadm portfw -a -P tcp -L outside.ip.address 1723 -R 10.2.2.14 1723
    ipfwd --masq 10.2.2.14 47 >/dev/null 2>&1 &

The 'ipmasqadm portfw' line forwards tcp traffic from the outside that's destined for port 1723 onto the actual server at 10.2.2.14.

The 'ipfwd' line forwards any traffic for *protocol* (not port) 47 to the same machine (10.2.2.14).

There was a *lot* of work put into the MS machines (w/ patches, registry settings etc) to lock 'em down, then a lot more work to actually have 'em operate that way.... But, that seemed to be independent of the masquerade and firewall stuff.

Hope that helps!

horkan

On Thu, Sep 07, 2000 at 03:41:27PM -0500, Simeon Johnston wrote:

On our network is an Alpha running linux with PoPToP running. We are able to connect to it just fine inside the network, but outside the firewall it is not possible. I have consulted many howtos, most of them rather old, that were really useless. They describe setting up the VPN server, then you do a ton of patches, then it should magically work. Useless information. Does anyone know how to do this, or where to find a "good" howto?

Any help would be appreciated

sim

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

--
Horkan Smith
425-558-1124 Home, 206-786-9315 cell, horkan () iname com email
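
Added example, not part of the original thread: a small Python classifier for the port-versus-protocol distinction in the quoted reply, where the PPTP control channel is TCP port 1723 and the data channel is IP protocol 47 (GRE), which has no ports to forward. The function names and sample packets are constructed for illustration; the GRE field layout assumed is the enhanced GRE header of RFC 2637.

```python
import struct

PPTP_TCP_PORT = 1723             # control channel: plain TCP, a port-forward carries it
IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_GRE_PROTO = 0x880B          # PPP inside enhanced GRE (RFC 2637)

def classify(packet: bytes) -> str:
    """Say which PPTP channel, if any, a raw IPv4 packet belongs to."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4             # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP:
        if len(payload) < 4:
            return "malformed"
        sport, dport = struct.unpack("!HH", payload[:4])
        return "pptp-control" if PPTP_TCP_PORT in (sport, dport) else "other-tcp"
    if proto == IPPROTO_GRE:
        if len(payload) < 8:
            return "malformed"
        flags, gre_proto, _plen, call_id = struct.unpack("!HHHH", payload[:8])
        # PPTP data: GRE version 1, Key bit set, key's low 16 bits are the Call ID
        if flags & 0x0007 == 1 and flags & 0x2000 and gre_proto == PPTP_GRE_PROTO:
            return f"pptp-data call_id={call_id}"
        return "other-gre"
    return "other"

def missing_channels(packets) -> set:
    """Channels a working PPTP session needs that the capture does not show."""
    seen = {classify(p).split()[0] for p in packets}
    return {"pptp-control", "pptp-data"} - seen

def build_ipv4(proto: int, payload: bytes) -> bytes:
    # Constructed sample header: checksum left at 0, 192.0.2.10 is a documentation address
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([10, 2, 2, 14])) + payload

# Constructed sample packets (not captured traffic)
CONTROL = build_ipv4(IPPROTO_TCP, struct.pack("!HH", 40000, 1723) + bytes(16))
DATA = build_ipv4(IPPROTO_GRE, struct.pack("!HHHH", 0x3081, 0x880B, 0, 7) + bytes(8))
PLAIN_GRE = build_ipv4(IPPROTO_GRE, struct.pack("!HHHH", 0x0000, 0x0800, 0, 0))

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("data", DATA), ("plain gre", PLAIN_GRE)):
        print(name, "->", classify(pkt))
    print("only 1723 forwarded, missing:", missing_channels([CONTROL]))
```

Run against packets seen on the inside interface, an output of `{'pptp-data'}` from `missing_channels` corresponds to the case where only the TCP 1723 forward is in place and protocol 47 is not being passed.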