Re: [m0n0wall] how to set up a the PPTP server with firewall rules

From:	Fred Wright <fw at well dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] how to set up a the PPTP server with firewall rules
Date:	Sat, 5 Jul 2003 13:09:06 -0700 (PDT)

On Sat, 5 Jul 2003, Manuel Kasper wrote:
> On Sat, 5 Jul 2003, Michiel van Es wrote:
> 
> > Hi, i'm enabling the pptp server of the firewall but what firewall rule
> > do I have to use?
> 
> You don't have to add any special filter rules for GRE, that is taken care
> of by the filter ruleset generator automatically. But if you use
> m0n0wall's built-in PPTP server (i.e. you do not redirect incoming PPTP
> connections to another PPTP server behind the firewall), you'll have to
> add rules on the "PPTP" interface to permit traffic from them (example:
> interface PPTP, protocol any, source PPTP clients, destination any).

Does TCP port 1723 also get allowed automatically?

> > DOes anyone hae an example config to passthorugh pptp request throug
> > the firewall to the pptp server?
> 
> What do you want to do now - use the built-in PPTP server or redirect the
> connection? With the latter, you also have to be aware of issues that 3rd
> party PPTP servers may be having with NAT...

And you have to be sure to redirect both GRE and TCP port 1723.  

Theoretically, PPTP is only one of the possible uses for GRE, but as long
as you don't use any other GRE-based protocols it should work to redirect
GRE completely.

					Fred Wright