Hi all! I''ve set up a Linux box with shorewall doing proxy arp as per http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non routed) example. Everything is working great except for one thing, and that leads me to my question: is there a conflict between proxy arp and pptp? I''ve set the apropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host on the dmz, but no luck. I can''t see anything in the logs either. I realize it could be any of a thousand different things, but as I''ve set up tons of systems with only one public ip and DNATing everything regarding pptp with no problems, I thought I''d throw the question out there regarding proxy arp, since this is the first system I''ve set up using proxy arp. If you need further info on the set up, let me know. Thankful for any input! Cheers, ?rjan
--On Wednesday, January 22, 2003 10:34 PM +0100 shorewall at bolibompa <shorewall@bolibompa.com> wrote:> Hi all! > > I''ve set up a Linux box with shorewall doing proxy arp as per > http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non > routed) example. Everything is working great except for one thing, and > that leads me to my question: is there a conflict between proxy arp and > pptp?I can''t imagine what it would be.> I''ve set the apropriate ACCEPT rules to allow tcp port 1723 and > protocol 47 to the host on the dmz, but no luck. I can''t see anything in > the logs either. I realize it could be any of a thousand different > things, but as I''ve set up tons of systems with only one public ip and > DNATing everything regarding pptp with no problems, I thought I''d throw > the question out there regarding proxy arp, since this is the first > system I''ve set up using proxy arp. >I''m afraid that you''re going to have to do some debugging... -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Hi Tom, --On Wednesday, January 22, 2003 10:34 PM +0100 shorewall at bolibompa <shorewall@bolibompa.com> wrote:>> Hi all! >> >> I''ve set up a Linux box with shorewall doing proxy arp as per >> http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non >> routed) example. Everything is working great except for one thing, and >> that leads me to my question: is there a conflict between proxy arp and >> pptp?>I can''t imagine what it would be.Well, that''s kind of the answer I was after, I guess... ;-)>> I''ve set the apropriate ACCEPT rules to allow tcp port 1723 and >> protocol 47 to the host on the dmz, but no luck. I can''t see anything in >> the logs either. I realize it could be any of a thousand different >> things, but as I''ve set up tons of systems with only one public ip and >> DNATing everything regarding pptp with no problems, I thought I''d throw >> the question out there regarding proxy arp, since this is the first >> system I''ve set up using proxy arp. >>>I''m afraid that you''re going to have to do some debugging...So, am I right in even suspecting the ISP''s router regarding gre? Thanks, ?rjan -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.shorewall.net http://lists.shorewall.net/mailman/listinfo/shorewall-users
--On Wednesday, January 22, 2003 11:12 PM +0100 shorewall at bolibompa <shorewall@bolibompa.com> wrote:>>> > >> I''m afraid that you''re going to have to do some debugging... > > So, am I right in even suspecting the ISP''s router regarding gre? >Sure -- That problem has been reported by others in the past. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
--On Wednesday, January 22, 2003 2:43 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:> > > --On Wednesday, January 22, 2003 11:12 PM +0100 shorewall at bolibompa > <shorewall@bolibompa.com> wrote: > >>>> >> >>> I''m afraid that you''re going to have to do some debugging... >> >> So, am I right in even suspecting the ISP''s router regarding gre? >> > > Sure -- That problem has been reported by others in the past. >I have a PPTP Server managed by Proxy ARP that you can try to connect to if you would like to test. Email me privately for details. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
--On Wednesday, January 22, 2003 11:12 PM +0100 shorewall at bolibompa <shorewall@bolibompa.com> wrote:> --On Wednesday, January 22, 2003 10:34 PM +0100 shorewall at bolibompa > <shorewall@bolibompa.com> wrote: >>> is there a conflict between proxy arp and >>> pptp? > >> I can''t imagine what it would be. > > Well, that''s kind of the answer I was after, I guess... ;-) >Take it or leave it -- I think that I have a pretty firm grasp of IPV4 networking but then again I''ve been wrong before... ;) -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net