 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Brett <monoinfo at slick dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP and port blocking / restricting - definitive answer
 Date:  Thu, 23 Dec 2004 21:43:42 -0500
On Thu, 23 Dec 2004 18:09:48 -0800, Brett <monoinfo at slick dot org> wrote:
> The FAQ at http://m0n0.ch/wall/docbook/faq-limitpptp.html reads,
> "Configure your firewall rules on the WAN interface permitting TCP 1723
> only from hosts you want to use PPTP.".  This suggestion is supported by
> several postings in the archive.

Yeah, that's why I committed it, though I didn't try it first.  

> When I look at the status.php page, I see something that looks like port
> 1723 is getting redirected even before my first blocking rule is
> considered.  I did not add this rule - it would have to be something
> that m0n0wall adds by default.  I am not sure if this might be the
> source of the problem (if it is, I am not sure what I can do about it).

Yes, it's added on the back end to permit traffic to the PPTP server,
and the rules you define are added below that rule.

> 1.  Is it possible to enable the PPTP server and disable access on a
> specific interface (either through port blocking or otherwise)?

Not that I see, though I'd love to hear otherwise from somebody out there.  

> 3.  If the answer to #1 is no, who do I need to contact to update the
> FAQ?

That would be me.  Done already.  I removed it unless/until somebody
can show me how to do it in a way that works.
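
The rule ordering discussed in this thread, as an added example that is not part of the original message and is not m0n0wall code: a small Python check that reports rules which can never decide a packet because an earlier rule already covers them. It assumes a simplified model in which the first matching rule decides; the `Rule` fields, the `system`/`user` labels and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    origin: str           # "system" (added by the back end) or "user"
    action: str           # "pass" or "block"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network, CIDR
    dport: Optional[int]  # destination port, None = any

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (earlier.proto in ("any", later.proto)
            and (earlier.dport is None or earlier.dport == later.dport)
            and ipaddress.ip_network(later.src).subnet_of(
                ipaddress.ip_network(earlier.src)))

def shadowed_rules(ruleset):
    """Return (rule, shadowing_rule) pairs for rules that are never reached."""
    findings = []
    for i, rule in enumerate(ruleset):
        for earlier in ruleset[:i]:
            if covers(earlier, rule):
                findings.append((rule, earlier))
                break
    return findings

def decide(ruleset, proto, src, dport, default="block"):
    """First-match evaluation (assumed model): the first matching rule wins."""
    addr = ipaddress.ip_address(src)
    for r in ruleset:
        if (r.proto in ("any", proto) and r.dport in (None, dport)
                and addr in ipaddress.ip_network(r.src)):
            return r.action
    return default

# Constructed sample: the automatic PPTP pass rule sits above the user's rules.
SYSTEM_RULE = Rule("system", "pass", "tcp", "0.0.0.0/0", 1723)
USER_RULES = [
    Rule("user", "pass", "tcp", "198.51.100.0/24", 1723),  # allowed PPTP hosts
    Rule("user", "block", "tcp", "0.0.0.0/0", 1723),       # everyone else
    Rule("user", "pass", "tcp", "0.0.0.0/0", 443),
]
RULESET = [SYSTEM_RULE] + USER_RULES

if __name__ == "__main__":
    for rule, by in shadowed_rules(RULESET):
        print(f"{rule.origin} {rule.action} {rule.src}:{rule.dport} "
              f"never reached; shadowed by {by.origin} {by.action} rule")
    print("203.0.113.9 -> tcp/1723:", decide(RULESET, "tcp", "203.0.113.9", 1723))
```

Run against the user rules alone, the same source address is blocked; with the automatic rule on top, both TCP 1723 user rules are reported as unreachable.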