Jerahmy Pocott skrev:
On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
Hello Jerahmy,
Some progress it seems? Why not set it to allow gre from VPN server
only? Ie pass in quick on fxp1 proto gre from <vpn server ip> to any?
The way you ask your question, 'make it work without static ip or
allowing all traffic', isn't that contradictory?
As for the frag part, I'd say that if gre needs frag, then you will
have to enable it.
About the CVS, I seem to have misunderstood your question. I assumed
10.0.0.2 wanted to recieve CVS inbound and not serve it outbound, or
am I mistaking again?
/Roger
Yes, that is what I meant by 'static ip' I could allow all gre from the
specific ip address
but I would prefer that gre traffic be allowed from a host only when an
existing connection
has been opened to it..
10.0.0.2 is a CVS server.
It seems to me that natd works better with ipsec
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
Hello again Jerahmy,
It would seem that there is a PPTP proxy in ipf that you might want to
try as well. The syntax would be:
map fxp1 10.0.0.0/0 -> 0/32 proxy port 1723 pptp/tcp
Good luck!
/Roger
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
