Hi,

On Sun, 17 Mar 2002, Raúl Alexis Betancort Santana wrote:

>  Hi all, I'm trying to do the following setup ...
>
>  Inet <-> Sid FW (Pc1,eth1-inet,eth0-lan) <-> Sid PPTPd (Pc2,eth0-lan)
>
>  On the PC1 I have done this
>
>  iptables -t nat -A PREROUTING -p gre -j DNAT --to 192.168.0.2
>  iptables -t nat -A PREROUTING -p tcp --dport 1723 -j DNAT --to 192.168.0.2
>
>  Along with other rules that don't collide with these ones
>
>  When I try to make a connection from a WinXX machine with the VPN support
> (pptp), it connects (I saw the pptpd launching the pppd on PC2),
> and there is GRE traffic (tcpdump -i eth0 proto gre; on PC2 shows
> that), but the WinXX machine always stays saying "Checking username and
> password" until it gets a timeout.
>
>  Apart from a possible problem with the pptpd/pppd config, are these
> rules OK to *forward* this kind of traffic from the FW to the internal
> server?

Have you checked whether GRE traffic in the other direction is allowed
as well by PC1?

Also, what is pppd doing with the incoming traffic? Turn pppd debugging
on and see if it actually receives the PPP LCP packets from the client.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153        |   http://www.e-advies.info
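
An added example, not part of the original message: one way to check the first question offline is to walk PC1's FORWARD chain for a GRE packet in each direction, using a saved `iptables-save` dump. The dump, the FORWARD rules in it, the client address 203.0.113.10 and the function names are all constructed for illustration; only plain `-p/-s/-d/-i/-o` matches with exact interface names are modelled, and anything else is reported as UNKNOWN.

```python
import shlex
from ipaddress import ip_address, ip_network

# Constructed iptables-save dump for PC1 (not from the post); FORWARD rules are assumed.
SAMPLE = """\
*nat
-A PREROUTING -p gre -j DNAT --to-destination 192.168.0.2
-A PREROUTING -p tcp --dport 1723 -j DNAT --to-destination 192.168.0.2
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.0.2/32 -p tcp --dport 1723 -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -i eth1 -o eth0 -p gre -j ACCEPT
COMMIT
"""

def rule_verdict(tokens, src, dst, iif, oif):
    """Verdict of one FORWARD rule for a GRE packet, or None if it does not decide."""
    if "!" in tokens or "-j" not in tokens:   # negation is not modelled; no target, no verdict
        return "UNKNOWN" if "!" in tokens else None
    j = tokens.index("-j")
    opts, target = dict(zip(tokens[0:j:2], tokens[1:j:2])), tokens[j + 1]
    if (opts.pop("-p", "gre") not in ("gre", "47", "all")
            or opts.pop("-i", iif) != iif or opts.pop("-o", oif) != oif):
        return None                           # other protocol or other interface pair
    for opt, addr in (("-s", src), ("-d", dst)):
        if ip_address(addr) not in ip_network(opts.pop(opt, "0.0.0.0/0"), strict=False):
            return None
    if opts or target not in ("ACCEPT", "DROP", "REJECT"):
        return "UNKNOWN"                      # e.g. -m state, LOG, user-defined chains
    return target

def forward_verdict(dump, src, dst, iif, oif):
    """First-match walk of the filter table's FORWARD chain for one GRE packet."""
    table, policy = None, "ACCEPT"
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A FORWARD "):
            verdict = rule_verdict(shlex.split(line)[2:], src, dst, iif, oif)
            if verdict:
                return verdict
    return policy

def gre_both_ways(dump, client="203.0.113.10", server="192.168.0.2"):
    """FORWARD runs after PREROUTING DNAT, so the server side is matched as 192.168.0.2."""
    return {"client->server": forward_verdict(dump, client, server, "eth1", "eth0"),
            "server->client": forward_verdict(dump, server, client, "eth0", "eth1")}
```

On the constructed dump, `gre_both_ways(SAMPLE)` reports ACCEPT towards the server and DROP back towards the client: the control connection on TCP 1723 is let through while the GRE replies fall to the chain policy.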

