Hi Matt,
Have you included GRE-connections in the firewall-rules?
I've got an Debian/GNU 3.1 (Sarge) with kernel 2.6.6 (custom compiled),
which both acts as an NAT:ing firewall for my lan, as well as an
VPN-setver for some Windows-clients.
An 'iptables -L FORWARD -n -v' shows:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
145K 83M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT tcp -- * ppp0 0.0.0.0/0
0.0.0.0/0 tcp dpt:137 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * ppp0 0.0.0.0/0
0.0.0.0/0 tcp dpt:138 reject-with icmp-port-unreachable
4279 332K ACCEPT all -- * ppp0 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 ACCEPT all -- ppp0 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
And 'iptables -L -t nat -n -v' shows:
Chain POSTROUTING (policy ACCEPT 24137 packets, 3002K bytes)
pkts bytes target prot opt in out source
destination
22274 2328K MASQUERADE all -- * ppp0 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Brgds
Johan
-----Original Message-----
From: Matt Mckinley [mailto:mmckinley@secureworks.com]
Sent: den 23 september 2005 21:18
To: 'firewalls@securityfocus.com'
Subject: PPTP
I have a linux IPtables firewall (latest version) that is in
bridging mode.
There is another firewalling device behind it that is
performing NAT. When
a host behind that firewall connects to a PPTP server on a routable IP
address,
it appears that the IPTables linux box is breaking the
connection. When we
remove that device, the connection works fine.
Does anyone have any thoughts on what might cause this behavior?
Thanks!!
-Matt
