 From:  "Kasper Pedersen" <m0n0list dash kkp2 at kasperkp dot dk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  PPTP change of behaviour in 1.3b2
 Date:  Fri, 12 Jan 2007 18:38:48 +0100
(Summary: I think the default outbound NAT rule doesn't include the PPTP 

I _believe_ this has changed, but, don't shoot me more than once if this is 
a lapse of memory, or a misunderstanding on my part:

With the mono 1.2x setup at work I had set it up so that LAN was, DMZ was, and set PPTP for That is, PPTP users would have '22' 
addresses, and LAN users had '10' addresses. I could run a PPTP session to 
work, I could access sites on internet, and the source ip address was work's 
IP address.

With 1.3b2 most everything still works, but PPTP clients can no longer 
access sites on the internet. I then told it to use LAN addresses 
( for PPTP, and now PPTP clients _can_ access 

When I PPTP into work with one machine, with the PPTP server set to, and then attempt to ping my at-home external interface, 
my at-home monowall drops a packet with source address, as if 
the default-generated NAT rule doesn't apply to outgoing packets with source 
address in the PPTP range (unless, of course, the PPTP range is a subset of 
the LAN range).


/Kasper Pedersen