It actually is "pass through" I am referring to. Here's an ASCII picture of what I'm attempting:
Clients ---> M0n0wall ---> (Internet) ---> PPTP Server
I am puzzled as to why a silly Netgear can keep track of 10+ outgoing PPTP connections while a Linux
or BSD box just can't handle 1 stably, let alone work at all. This is a drop-in replacement I'm
talking about: the network config is the same on the Netgear and the m0n0. Netfilter on Linux
appears to provision some nat-pptp connection tracking module which I have not tested because I
can't find a fw/floppy distro which handles them.
> -----Original Message-----
> From: Don Munyak [mailto:don dot munyak at gmail dot com]
> Sent: 4 mai 2005 08:07
> To: Nantel Mathieu
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] PPTP passthrough
> If the pass-through that you reference is actually "redirection",
> then yes I have it working. I redirect pptp connection to an
> internal windows 2000 server. External clients point their pptp
> connection to the m0n0wall wan interface, which gets redirected to
> the internal server.
> - v1.11 generic pc image
> - under VPN \ PPTP \ Configuration menu link Changed radio button
>   focus to "redirect incoming pptp connections to:"
> - PPTP Redirection textbox [enter pptp server ip]
> - The default image supports 16 pptp connections. I believe there
>   is a hack available for up to 50 connections.
> Have you checked the system logs to see what error messages are
> occurring?
> - Don
> On 5/3/05, Nantel Mathieu <mnantel at microserv dot ca> wrote:
> > Good day,
> > Hopefully this has not been answered before (it does not figure
> > on the FAQ afaik).
> > We have a cable connection which is hooked up to a Netgear
> > wireless router. The Netgear has been spontaneously crashing for
> > the past month in quite a random manner, and thus we replaced it
> > with a Linux router box.
> > One of the main requirements of the router box is to be able to
> > let outgoing PPTP connections pass through (offer some kind of
> > connection tracking for those).
> > I initially tried installing devil-linux (linux+iptables) which
> > would let some users connect using PPTP, once in a while, and deny
> > others in a very erratic manner. It felt like you had to let the
> > firewall idle for 30 seconds between a PPTP disconnection and
> > reconnection. And it just didn't work for some of the users.
> > I then thought about trying an entirely different package (BSD).
> > So we set up m0n0wall on the box, which works beautifully BTW.
> > However, I got the same sporadic PPTP connectivity. PPTP works
> > flawlessly with the Netgear box.
> > Iptables does seem to implement PPTP connection tracking, however
> > it appears to be still "beta" at this time.
> > Has anyone got this to work with m0n0wall? A non-linux-guru is
> > going to manage this device, and the GUI is perfect for this so I
> > would love to keep it if it will work.
> > Mathieu Nantel
> > Networking & Security
> > -----------------------------
> > Microserv.ca
> > tel:(514) 636-6467 x395
> > Fax : (514) 636-9547
> > 950 Chemin Herron
> > Dorval (Quebec)
> > H9S 1B3