[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pptp ipnat clients

To: tech@openbsd.org
Subject: pptp ipnat clients
From: Leif Larsson <leif.larsson@l3system.se>
Date: Tue, 19 Jun 2001 15:03:20 +0200

I've been searchnig in the archives and the ipf mailing list 
archives for a problem. We have a OBSD 2.8 firewall and a couple 
of clients running the MS pptp client against a server on the 
internet. The firewall is running ipnat.
The problem is that only one client at the time can connect. 
Its an ipnat issue but I just cant find any answer.

One solution is to map unique inside ip -> unique outside ip
Ufortunately we dont have as many real ip:s as would be 
needed. 

I know our setup works, but only for one client at the time 
against the same server. 
We are not blocking port 1723 or proto gre.

Has anyone got this working ?

Leif

ipnat.rules:
map fxp0 192.168.1.0/24 -> out.side.ip.nr/32 proxy port ftp ftp/tcp
map fxp0 192.168.1.0/24 -> out.side.ip.nr/32 portmap tcp/udp 20000:40000 
map fxp0 192.168.1.0/24 -> out.side.ip.nr/32


L3System AB
www.l3system.se
--------------

PGP key fingerprint = E2 44 1D 09 C8 46 1A 4B  89 52 9B A3 34 C0 2F A2

Prev by Date: Bridging and ARP issues
Next by Date: Re: Login and SIGHUP
Prev by thread: Bridging and ARP issues
Next by thread: chrooted ssh & secure ftpd
Index(es):
- Date
- Thread