This is a discussion on Re: vpn cannot connected within the IPFilter forums, part of the System Security and Security Related category.
I found I couldn't connect to the VPN server just because I had only a "portmap" rule in /etc/ipnat.rules. I added a rule "map fxp0 192.168.0.0/24 -> xxx.xxx.xxx.xxx/32", and then I could connect to the VPN server, but only from one machine; if I want to connect to the same server from another machine, I must flush the current NAT maps with "ipnat -C -f /etc/ipnat.rules".
I've been confused by this for some time.

----- Original Message -----
From: "Laurence Moore" <lmoore@starwon.com.au>
To: <ipfilter@coombs.anu.edu.au>
Sent: Tuesday, July 06, 2004 6:52 PM
Subject: Re: vpn cannot connected

> On Tue, 6 Jul 2004, Shepherd wrote:
>
> > I met the same problem, couldn't connect to a VPN server outside.
> > But if I use bimap to bind an internet IP address to a private address, it can connect.
> > The version is "IP Filter: v3.4.31 (336)".
>
> You will need to let the GRE protocol through with a rule something like
>
> pass in quick on rl1 proto gre from any to any keep state
>
> What you will also need to be aware of is if your kernel has GRE built
> into it. On the OpenBSD platform you need to remove GRE from the kernel if
> you will be running PPTP Service on that system.
>
> Larry.
>
> > ----- Original Message -----
> > From: "sunjun" <sunjun@egotop.com>
> > To: <ipfilter@coombs.anu.edu.au>
> > Sent: Thursday, March 18, 2004 12:55 PM
> > Subject: vpn cannot connected
> >
> > > hi,
> > >
> > > help, look at my ipf rules.
> > >
> > > rl1 is connected to our external,
> > > the server runs mpd (vpn),
> > > only permit vpn clients to connect in on rl1, deny all others,
> > > but permit rl1 to go out.
> > >
> > > -----------------------
> > > block in quick on rl1 all head 12
> > > pass in quick on rl1 proto tcp from any to any port = 1723 keep state group 12
> > > pass out quick on rl1 all keep state
> > > -----------------------
> > >
> > > now, vpn cannot connect,
> > >
> > > where is the error??
> > >
> > > all rules
> > > -----------------
> > > #block in quick all with frag
> > > block in quick all with short
> > > block in quick all with ipopts
> > > block in quick all with opt lsrr
> > > block in quick all with opt ssrr
> > > block in proto icmp from any to any
> > > pass out proto icmp from any to any keep state
> > >
> > > # Internet
> > > block in quick on rl1 all head 12
> > > pass in quick on rl1 proto tcp from any to any port = 1723 keep state group 12
> > > pass out quick on rl1 all keep state
> > >
> > > # Intranet
> > > pass in quick on rl0 proto tcp/udp from 172.16.1.10/32 to 172.16.1.7/32 port = 229
> > > pass in quick on rl0 proto tcp/udp from 172.16.12.0/32 to 172.16.1.7/32 port = 229
> > > pass in quick on rl0 proto tcp/udp from 172.16.1.67/32 to 172.16.1.7/32 port = 229
> > > block in quick on rl0 proto tcp/udp from any to any port = 229
> > > block in quick on rl0 proto tcp/udp from any to any port 136 >< 140
> > > pass out quick on rl0 proto tcp/udp from 172.16.3.0/24 to 172.16.0.0/16 port 136 >< 140 keep state
> > >
> > > block in quick on rl0 proto tcp/udp from any to any port 6900 >< 7000
> > > block in quick on rl0 proto tcp/udp from any to any port 7800 >< 7900
> > > block in quick on rl0 proto tcp/udp from any to any port 8880 >< 9000
> > >
> > > block in quick on rl0 proto tcp/udp from any to any port = 25
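To make Larry's point concrete, here is a small Python model of ipf rule matching, added as an example and not code from the thread or from IPFilter; its semantics are a deliberate simplification (last match wins, a "quick" match ends the search, a matching "head N" rule consults group N first). Run against sunjun's rl1 rules it shows that the PPTP control connection on TCP 1723 is passed while the GRE tunnel is blocked, that Larry's GRE rule fixes this when it carries "group 12", and that the same rule appended outside group 12 is never reached past the quick head rule.

```python
import re
# Simplified ipf grammar: only the rule forms used on the rl1 interface above.
RULE_RE = re.compile(
    r"^(?P<action>block|pass)\s+(?P<dir>in|out)(?P<quick>\s+quick)?(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+proto\s+(?P<proto>\S+))?(?:\s+all|\s+from\s+\S+\s+to\s+\S+)(?:\s+port\s*=\s*(?P<port>\d+))?"
    r"(?:\s+keep\s+state)?(?:\s+head\s+(?P<head>\d+))?(?:\s+group\s+(?P<group>\d+))?\s*$")

def parse_rules(text):  # one rule per line; blank lines and '#' comments are ignored
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if not (m := RULE_RE.match(line)):
            raise ValueError(f"unsupported rule syntax: {line}")
        d = m.groupdict()
        rules.append({**d, "quick": bool(d["quick"]), "group": d["group"] or "0",
                      "port": int(d["port"]) if d["port"] else None})
    return rules

def matches(rule, pkt):
    protos = rule["proto"].split("/") if rule["proto"] else None   # "tcp/udp" form
    return (rule["dir"] == pkt["dir"] and rule["iface"] in (None, pkt["iface"])
            and (protos is None or pkt["proto"] in protos) and rule["port"] in (None, pkt.get("dport")))

def evaluate(rules, pkt, group="0"):
    """Last match in `group` wins unless a match is 'quick'; a matching 'head N'
    rule consults group N first. Returns (action, quick) or None for no match."""
    winner = None
    for rule in rules:
        if rule["group"] != group or not matches(rule, pkt):
            continue
        winner = (rule["action"], rule["quick"])
        if rule["head"]:
            winner = evaluate(rules, pkt, rule["head"]) or winner
        if winner[1]:
            return winner
    return winner

def verdict(ruleset, pkt):
    result = evaluate(parse_rules(ruleset), pkt)
    return "pass" if result is None else result[0]   # ipf passes what no rule matches

# sunjun's rl1 rules as quoted above, plus Larry's GRE rule in group 12 so the quick 'head 12' rule reaches it.
ORIGINAL = """block in quick on rl1 all head 12
pass in quick on rl1 proto tcp from any to any port = 1723 keep state group 12
pass out quick on rl1 all keep state
"""
FIXED = ORIGINAL + "pass in quick on rl1 proto gre from any to any keep state group 12\n"
PPTP_CONTROL = {"dir": "in", "iface": "rl1", "proto": "tcp", "dport": 1723}  # constructed
PPTP_TUNNEL = {"dir": "in", "iface": "rl1", "proto": "gre"}                  # probe packets
```

The misplacement case is the caveat to keep in mind when pasting Larry's one-liner into a rule file that already uses head/group on the external interface.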