 
 From:  "Kasper Pedersen" <m0n0list dash kkp2 at kasperkp dot dk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  PPTP change of behaviour in 1.3b2
 Date:  Fri, 12 Jan 2007 18:38:48 +0100
(Summary: I think the default outbound NAT rule doesn't include the PPTP 
range)

I _believe_ this has changed, but, don't shoot me more than once if this is 
a lapse of memory, or a misunderstanding on my part:

With the mono 1.2x setup at work I had set it up so that LAN was 
192.168.10.1/24, DMZ was 192.168.21.1/24, and set PPTP for 
192.168.22.3+192.168.22.128/28. That is, PPTP users would have '22' 
addresses, and LAN users had '10' addresses. I could run a PPTP session to 
work, I could access sites on internet, and the source ip address was work's 
IP address.

With 1.3b2 most everything still works, but PPTP clients can no longer 
access sites on the internet. I then told it to use LAN addresses 
(192.168.10.7+192.168.10.128/28) for PPTP, and now PPTP clients _can_ access 
internet.

When I PPTP into work with one machine, with the PPTP server set to 
192.168.22.128/28, and then attempt to ping my at-home external interface, 
my at-home monowall drops a packet with source address 192.168.22.128, as if 
the default-generated NAT rule doesn't apply to outgoing packets with source 
address in the PPTP range (unless, of course, the PPTP range is a subset of 
the LAN range).

Puzzled.

/Kasper Pedersen
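As an added illustration (not from the post or from m0n0wall), the following model reproduces the suspected behaviour: a packet is translated only if its source falls inside a subnet covered by an outbound NAT rule. The default rule is assumed to cover only the LAN subnet; the PPTP client address 192.168.22.130 is a constructed sample.

```python
from ipaddress import ip_address, ip_network

# Constructed model, not m0n0wall's NAT generator. Addresses are from the post.
LAN_NET = ip_network("192.168.10.0/24")       # LAN, 192.168.10.1/24
PPTP_NET_22 = ip_network("192.168.22.128/28")  # PPTP pool outside LAN
PPTP_NET_10 = ip_network("192.168.10.128/28")  # PPTP pool inside LAN


def default_outbound_nat():
    """Assumption: the auto-generated outbound NAT rule covers the LAN subnet only."""
    return [LAN_NET]


def outbound_nat_applies(src_ip, nat_subnets):
    """True if an outbound NAT rule would translate a packet with this source."""
    src = ip_address(src_ip)
    return any(src in net for net in nat_subnets)


def untranslated_sources(client_ips, nat_subnets):
    """Return the client addresses that would leave the WAN with their private source."""
    return [ip for ip in client_ips if not outbound_nat_applies(ip, nat_subnets)]


# Scenario 1: PPTP pool in the '22' range, default rule only -> client is not NATed.
# Scenario 2: PPTP pool moved into the '10' range -> client falls under the LAN rule.
# Scenario 3: an explicit rule for the '22' pool is added -> client is NATed again.
if __name__ == "__main__":
    print(untranslated_sources(["192.168.22.130"], default_outbound_nat()))
    print(untranslated_sources(["192.168.10.130"], default_outbound_nat()))
    print(untranslated_sources(["192.168.22.130"],
                               default_outbound_nat() + [PPTP_NET_22]))
```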