On 7/7/05, Jonas Claesson <jonas dot claesson at home dot se> wrote:
> ....story continues....
>
> Is there any difference in the way FreeBSD and Linux (2.4 kernel)
> handle PPTP/NAT?
>
> Scenario:
>
> - Client: WinXP
>
> - "Local"-Firewall: E-Smith (running modified RedHat)
>
> - PPTP server 1: E-Smith
> - PPTP server 2: Linksys WRT54G running Sveasoft firmware (Linux)
> - PPTP server 3/4: Monowall 1.2b9
>
> I can connect to both PPTP server 1 & 2 without any issues. Whenever I
> try to connect to a PPTP server running on Monowall my local firewall
> drops all GRE packets from Monowall....why?

Uhm - because there is no rule to allow the packet to pass perhaps?

> For a brief moment today I messed up my local firewall (blocking all
> external access to services) and during that time I was able to connect
> to the Monowall PPTP server.

So, let me get this right:

a) you completely cut yourself off from the network by "messing with" your firewall rules and yet:

b) you were able to connect to m0n0 pptp over some network connection?

I think we're missing a large piece of the picture here, because a) and b) should be mutually exclusive - either you're firewalled off completely or not - you cannot have it both ways :)

You might have accidentally blocked TCP/UDP *after* the tunnel was up, in which case you thought you were blocking everything, but the tunnel doesn't use TCP/UDP protocols - it uses protocol 47 as mentioned previously.

Can you send in the block reports from your local firewall (hide your real IPs first)? - and which local firewall are you using - XP native, Tiny, Kerio, a hardware device, other combo device (eg: WR850G)?

--cheers
gm
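The point gm is making, that a rule set written in terms of TCP/UDP ports lets the PPTP control channel through but never sees the tunnel because GRE (IP protocol 47) has no ports, is easy to show on the wire. The following is an added example, not code from the thread or from any of the firewalls mentioned in it: it builds a few constructed packets (client, server addresses and call ID are made up, taken from documentation ranges), parses the IPv4, TCP and PPTP enhanced-GRE headers, and runs them through two toy first-match rule sets, one with only the TCP/1723 rules and one that also allows protocol 47.

```python
"""Why a port-only rule set passes PPTP's TCP/1723 control channel but drops the
GRE (IP protocol 47) tunnel packets. Added example; packets below are constructed."""
import ipaddress
import struct

IPPROTO_TCP = 6
IPPROTO_GRE = 47
PPTP_CONTROL_PORT = 1723
PPTP_GRE_PROTO_TYPE = 0x880B  # protocol type carried in PPTP's enhanced GRE header (RFC 2637)

# Assumed, made-up endpoints: a client behind the local firewall and a remote PPTP server.
CLIENT = "192.168.1.10"
SERVER = "198.51.100.7"


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options, checksum left zero) in front of payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def build_tcp(sport: int, dport: int, flags: int = 0x18) -> bytes:
    """Minimal 20-byte TCP header; flags default to PSH|ACK."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 8192, 0, 0)


def build_pptp_gre(call_id: int, seq: int, ppp_payload: bytes) -> bytes:
    """Enhanced GRE header: K and S bits set, version 1, type 0x880B,
    payload length, the peer's call ID (in the key field) and a sequence number."""
    flags_ver = (1 << 13) | (1 << 12) | 1  # K=key present, S=sequence present, ver=1
    return struct.pack("!HHHHI", flags_ver, PPTP_GRE_PROTO_TYPE,
                       len(ppp_payload), call_id, seq) + ppp_payload


def parse(raw: bytes) -> dict:
    """Pull out the fields a firewall rule could match on. Note that a GRE packet
    yields no sport/dport at all; the only per-tunnel demux key is the call ID."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    body = raw[(ver_ihl & 0x0F) * 4:]
    pkt = {"src": str(ipaddress.IPv4Address(src)),
           "dst": str(ipaddress.IPv4Address(dst)), "proto": proto}
    if proto == IPPROTO_TCP:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", body[:4])
    elif proto == IPPROTO_GRE:
        flags_ver, gre_type = struct.unpack("!HH", body[:4])
        pkt["gre_type"] = gre_type
        pkt["gre_version"] = flags_ver & 0x7
        if flags_ver & 0x2000:  # K bit set: PPTP stores the call ID here
            pkt["call_id"] = struct.unpack("!H", body[6:8])[0]
    return pkt


# Toy rule sets: list of (action, match-fields); first match wins, default is drop.
RULES_PORTS_ONLY = [
    ("allow", {"proto": IPPROTO_TCP, "dport": PPTP_CONTROL_PORT}),  # control channel out
    ("allow", {"proto": IPPROTO_TCP, "sport": PPTP_CONTROL_PORT}),  # control replies in
]
RULES_WITH_GRE = RULES_PORTS_ONLY + [
    ("allow", {"proto": IPPROTO_GRE, "gre_type": PPTP_GRE_PROTO_TYPE}),  # the tunnel itself
]


def decide(rules: list, raw: bytes) -> str:
    """Return 'allow' or 'drop' for a raw packet under the given rule list."""
    pkt = parse(raw)
    for action, match in rules:
        # a field the packet does not have (e.g. dport on GRE) can never match
        if all(pkt.get(k) == v for k, v in match.items()):
            return action
    return "drop"


# Constructed sample traffic: control channel both ways, then tunnel packets both ways.
SAMPLES = {
    "control_out": build_ipv4(CLIENT, SERVER, IPPROTO_TCP, build_tcp(40000, PPTP_CONTROL_PORT)),
    "control_in": build_ipv4(SERVER, CLIENT, IPPROTO_TCP, build_tcp(PPTP_CONTROL_PORT, 40000)),
    "gre_in": build_ipv4(SERVER, CLIENT, IPPROTO_GRE, build_pptp_gre(8, 1, b"\xff\x03\xc0\x21")),
    "gre_out": build_ipv4(CLIENT, SERVER, IPPROTO_GRE, build_pptp_gre(17, 1, b"\xff\x03\xc0\x21")),
}


def report(rules: list) -> dict:
    """Verdict for every sample packet under one rule set."""
    return {name: decide(rules, raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("ports only", RULES_PORTS_ONLY), ("with GRE", RULES_WITH_GRE)):
        print(label, report(rules))
```

Under the ports-only rules the two TCP/1723 packets are allowed and both GRE packets are dropped, which is exactly the "drops all GRE packets" symptom: the control connection completes, so the client gets as far as authenticating, and then nothing flows. Adding the protocol-47 rule fixes that on a simple packet filter. The parse() output also shows why NAT is the harder case: the GRE packets carry no ports, so a NAT box has nothing but the call ID to tell two clients' tunnels apart and needs PPTP-aware connection tracking rather than the usual port-based state.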