Hi All, I have pptp lusers who need to connect from my lan network to external servers. But pf nat breaks pptp traffic from multiple clients to the same external pptp server. I'm testing with OpenBSD 3.9 and FreeBSD 6.1 firewalls.
I tried using frickin pptp 1.3 to proxy pptp traffic, but I'm unable to get it to work with pf. I can get pptp clients through without frickin (so I'm passing gre traffic through properly). I can also run frickin on an internal lan host and proxy traffic through it (this config is described as setup 1, 2 in the frickin readme). If I try to rdr traffic from pf to frickin (setup 3 from frickin readme), things fall apart and even a single pptp client is unable to connect. The WinXP clients hang at the "Verifying username and password..." screen :-(

My pf rules look like this:

    wan = "xl0"
    lan = "xl1"
    pptp_server="1.2.3.4"
    nat on $wan from $lan:network to any -> ($wan)
    rdr proto tcp from $lan:network to \
        $pptp_server port 1723 -> 127.0.0.1
    rdr proto gre from $lan:network to $pptp_server -> 127.0.0.1
    pass all

On the firewall, I ran "frickin -s 1.2.3.4".

The mailing list archives on this topic do not list any pf rules. Are my pf rules correct? What am I doing wrong? Any help is much appreciated.

- Raja

PS: pf@ is probably a better place for this post, but the mailing list seems to be experiencing some problems atm and I'm unable to post there. Sorry if this is off-topic and annoys some folks.