On 9/16/05, Nik Clayton <nik at ngo dot org dot uk> wrote:
> > Then set a firewall ruleset only allowing the opt1 subnet to
> > access 192.168.2.1 with PPTP and no WAN access.
> Done that. The rule looks like:
> OPT1 interface
> Proto  Source        Port  Destination  Port
> *      PPTP Clients  *     192.168.2.1  *
That's only allowing clients already connected via PPTP to talk to
192.168.2.1, which is why you can't ping the interface anymore.
Change that source to "any".
> But to no avail. The wireless clients are given IP addresses using DHCP
> (that still works, verified by delete/down/up'ing their wireless
> interfaces, making sure they got a 192.168.2.x IP address, and
> confirming through the m0n0wall "DHCP leases" diagnostics page) but they
> can't do anything else. Attempts to connect to the PPTP server on
> 192.168.0.239 eventually time out, and they can't ping their subnet's
And you aren't actually trying to connect to 192.168.0.239; you want
to connect to the PPTP server using 192.168.2.1.