Re: OpenBSD 3.0, NAT, and pptp
Well, I disabled the GRE in my kernel and it still does not work. Here
are the rules for the forwarding in my nat.conf (by the way, it's 1723
that needs to be forwarded).
rdr on de0 proto gre from 216.175.121.211/32 to 158.222.46.214/32 port 0 -> 192.168.110.5 port 0
rdr on de0 proto tcp from 216.175.121.211/32 to 158.222.46.214/32 port 1701 -> 192.168.110.5 port 1701
rdr on de0 proto udp from 216.175.121.211/32 to 158.222.46.214/32 port 1701 -> 192.168.110.5 port 1701
What am I doing wrong?
--Steve
-----Original Message-----
From: owner-tech@openbsd.org [mailto:owner-tech@openbsd.org] On Behalf
Of josh
Sent: Saturday, December 01, 2001 9:26 PM
To: tech@openbsd.org
Subject: Re: OpenBSD 3.0, NAT, and pptp...
Steve Jost wrote...
> Hello, I have a quick question about a win2k client behind a NAT
> connecting to a Win2k RAS server. Using OpenBSD as the router, the
> connection gets to 'verifying username and password' on the client and
> then fails. It used to be working when my router was windows2000 (I
> switched to win2k for this reason but couldn't stand it). What do I
> need to add in the nat.conf and the pf.conf to make this work? I
> found a tutorial on how to make it work with ipfilter, not with pf.
> The way my network is set up is
>
> 192.168.0.2/32 ========= 192.168.0.1/32 dc0 OpenBSD 3.0 de0
> 158.222.46.214/32 ========= Internet/Win2k RAS (Business laptop)
> (Router)
>
> Is this even possible with OpenBSD? I have read a few things that say
> it's not possible, and a few that say it is, maybe you could shed some
> light on this subject. Thanks.
Yes, just disable GRE protocol in your kernel on the firewall, and set up
a rule to pass gre *thru* the firewall. Also you'll need outbound TCP
and UDP ports 1701. Sorry, I'm not using pf, but what I told you should
be enough to go on :)
--
josh
Don't be fooled by cheap Finnish imitations; BSD is the One True
Code