On Wed, 8 Sep 2004, Roy Walker wrote:

> I am having some strange stuff happen with some Windows clients. First
> here is the setup.
>
> Have the PPTP rule like so:
>
> Proto Source Port Destination Port
> Description
> * PPTP clients * * *
> PPTP Passthru
>
> The servers the clients are trying to reach are on the LAN and the LAN
> interface has the Default LAN rule.
>
> This would seem to me to allow any traffic from the LAN to the PPTP
> clients and from the PPTP clients to the LAN.

Yes, though note that broadcasts won't get through regardless of rules.
This can be an issue with B-type name resolution.

> I see the following in my firewall logs when the clients try to connect
> to file shares on the network servers:
> ng1 172.31.1.2 172.31.2.64 UDP
>
> Note there is no port information on this, it seems like it is some kind
> of UDP broadcast.

It's not a broadcast, as you can see from the address. And it would have
port numbers whether it's a broadcast or not. The only time you don't get
port numbers for TCP or UDP is with a non-initial fragment, which should be
shown as such.

The above doesn't look like m0n0wall log output, at least not verbatim.

Fred Wright
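The point about non-initial fragments, shown as an added example that is not part of the original message and is not m0n0wall code: a UDP datagram between the two addresses from the quoted log is split into IPv4 fragments, and only the first fragment carries the UDP header a logger can read ports from. The ports, payload, fragment size and the `log_line` output format are constructed assumptions.

```python
import socket
import struct

IP_HDR = "!BBHHHBBH4s4s"  # ver/ihl, tos, length, id, flags+offset, ttl, proto, csum, src, dst

def ipv4_header(src, dst, proto, payload_len, ident, offset, more_frags):
    """Build a 20-byte IPv4 header (checksum left at 0; not needed for parsing)."""
    flags_frag = (0x2000 if more_frags else 0) | (offset // 8)  # MF bit + offset in 8-byte units
    return struct.pack(IP_HDR, 0x45, 0, 20 + payload_len, ident, flags_frag,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def fragment_udp(src, dst, sport, dport, data, frag_size):
    """Split one UDP datagram into IPv4 fragments of frag_size bytes (multiple of 8)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    frags = []
    for off in range(0, len(udp), frag_size):
        chunk = udp[off:off + frag_size]
        more = off + frag_size < len(udp)
        frags.append(ipv4_header(src, dst, 17, len(chunk), 0x1234, off, more) + chunk)
    return frags

def log_line(packet):
    """Hypothetical firewall log formatter: ports are shown only when the packet has them."""
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack(IP_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_frag & 0x1FFF) * 8
    name = {6: "TCP", 17: "UDP"}.get(proto, str(proto))
    s, d = socket.inet_ntoa(src), socket.inet_ntoa(dst)
    if offset:
        # Non-initial fragment: the TCP/UDP header travelled in the first
        # fragment, so these bytes are payload and must not be read as ports.
        return f"{s} {d} {name} (frag offset {offset})"
    if proto in (6, 17) and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return f"{s}:{sport} {d}:{dport} {name}"
    return f"{s} {d} {name}"

# Constructed sample: addresses from the quoted log line; ports and payload are made up.
FRAGS = fragment_udp("172.31.1.2", "172.31.2.64", 1025, 137, b"A" * 40, 24)

if __name__ == "__main__":
    for pkt in FRAGS:
        print(log_line(pkt))
```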