Well, I removed the firewall and NAT rules that dealt with the PPTP
traffic, and instead of getting a blocked GRE protocol message in the
firewall, I get this:

08:38:02.216056 WAN IP.IP.IP.IP, port 50681 IP.IP.IP.IP port 1723 TCP
08:37:59.203420 WAN IP.IP.IP.IP, port 50681 IP.IP.IP.IP, port 1723 TCP
08:37:56.692952 WAN IP.IP.IP.IP, port 50681 IP.IP.IP.IP, port 1723 TCP

What do you think would cause the migration from blocking GRE traffic to
blocking TCP traffic across that port? I was under the impression that
m0n0's default ruleset was to deny all.

Chris Buechler wrote:
>On 6/3/05, Chris Van Vorous <m0unds at speakeasy dot net> wrote:
>> Hi everyone, this is my first post.
>> I've read through lots of questions regarding PPTP/VPN functionality
>>within m0n0wall, but I couldn't really find a concrete answer to my
>> 1. Remote connections to my external IP, requesting a PPTP session
>>fail with Microsoft Windows error 619
>> 2. Connections on the LAN work just fine (so do connections from my
>> I've set up a NAT Forwarding rule to take traffic to TCP port 1723 (PPTP)
>>and send it to one interface address of the m0n0wall (192.168.1.5 in this
>>instance). I set up a matching firewall rule to permit traffic across that
>>NAT link. After seeing my firewall log (as I have pasted), I also tried to
>>forward GRE traffic to see if it would matter. I've also run a full-on
>>forward firewall rule: WAN, any port, any protocol, etc with no result.
>If m0n0wall isn't behind another firewall, you don't need any NAT
>entries or firewall rules. All that gets added automatically. I'd
>suspect this NAT entry is breaking things by sending the TCP traffic
>to a different interface than the GRE traffic. Remove all the NAT and
>firewall rule stuff and it should just work.