 From:  • • <googl3meister at gmail dot com>
 To:  Jonas Claesson <jonas dot claesson at home dot se>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: PPTP with NATed clients - Anyone that got it working? - Continued
 Date:  Fri, 8 Jul 2005 08:15:35 +1000
On 7/7/05, Jonas Claesson <jonas dot claesson at home dot se> wrote:
> ....story continues....
> Is there any difference in the way FreeBSD and Linux (2.4 kernel)
> handle PPTP/NAT?
> Scenario:
> - Client: WinXP
> - "Local"-Firewall: E-Smith (running modified RedHat)
> - PPTP server 1: E-Smith
> - PPTP server 2: Linksys WRT54G running Sveasoft firmware (Linux)
> - PPTP server 3/4: Monowall 1.2b9
> I can connect to both PPTP server 1 & 2 without any issues. Whenever I
> try to connect to a PPTP server running on Monowall my local firewall
> drops all GRE packets from Monowall....why?

Uhm - because there is no rule to allow the packet to pass perhaps?

> For a brief moment today I messed up my local firewall (blocking all
> external access to services) and during that time I was able to connect
> to the Monowall PPTP server.

So, let me get this right:
a) you completely cut yourself off from the network by "messing with"
your firewall rules

and yet:

b) you were able to connect to m0n0 pptp over some network connection?

I think we're missing a large piece of the picture here, because a)
and b) should be mutually exclusive - either you're firewalled off
completely or not - you cannot have it both ways :) You might have
accidentally blocked TCP/UDP *after* the tunnel was up, in which case
you thought you were blocking everything, but the tunnel doesn't use
TCP/UDP protocols - it uses protocol 47 as mentioned previously.

Can you send in the block reports from your local firewall (hide your
real IPs first)? - and which local firewall are you using - XP
native, Tiny, Kerio, a hardware device, other combo device