This is a discussion on Re: vpn cannot connected within the IPFilter forums, part of the System Security and Security Related category.
I met the same problem; I couldn't connect to a VPN server outside.
But if I use bimap to bind an internet IP address to a private address, it can connect. The version is "IP Filter: v3.4.31 (336)".

----- Original Message -----
From: "sunjun" <sunjun@egotop.com>
To: <ipfilter@coombs.anu.edu.au>
Sent: Thursday, March 18, 2004 12:55 PM
Subject: vpn cannot connected

> hi,
>
> help, look at my ipf rule
>
> rl1 is connected to our external
> server run mpd (vpn),
> only permit vpn client connect in rl1, other all deny
> but permit rl1 go out
>
> -----------------------
> block in quick on rl1 all head 12
> pass in quick on rl1 proto tcp from any to any port = 1723 keep state group 12
> pass out quick on rl1 all keep state
> -----------------------
>
> now, vpn cannot connect,
>
> where is the error??
>
> all rule
> -----------------
> #block in quick all with frag
> block in quick all with short
> block in quick all with ipopts
> block in quick all with opt lsrr
> block in quick all with opt ssrr
> block in proto icmp from any to any
> pass out proto icmp from any to any keep state
>
> # Internet
> block in quick on rl1 all head 12
> pass in quick on rl1 proto tcp from any to any port = 1723 keep state group 12
> pass out quick on rl1 all keep state
>
> # Intranet
> pass in quick on rl0 proto tcp/udp from 172.16.1.10/32 to 172.16.1.7/32 port = 229
> pass in quick on rl0 proto tcp/udp from 172.16.12.0/32 to 172.16.1.7/32 port = 229
> pass in quick on rl0 proto tcp/udp from 172.16.1.67/32 to 172.16.1.7/32 port = 229
> block in quick on rl0 proto tcp/udp from any to any port = 229
> block in quick on rl0 proto tcp/udp from any to any port 136 >< 140
> pass out quick on rl0 proto tcp/udp from 172.16.3.0/24 to 172.16.0.0/16 port 136 >< 140 keep state
>
> block in quick on rl0 proto tcp/udp from any to any port 6900 >< 7000
> block in quick on rl0 proto tcp/udp from any to any port 7800 >< 7900
> block in quick on rl0 proto tcp/udp from any to any port 8880 >< 9000
>
> block in quick on rl0 proto tcp/udp from any to any port = 25