Hello, I'm trying to set up DNAT to forward to a PPTP Server behind Shorewall. I set up the PPTP rules per your documentation with tcp port 1723 and Protocol 47 DNAT to my PPTP Server in the local zone. Looking at the logs it is dropping the connection going to port 1723. It is also dropping UDP port 1701, don't know if it is of any significance. I looked at FAQ 1a and b and the packet count is zero. I am connecting from outside the network. Any suggestions? TX, ALP

On Mon, 30 Aug 2004, ALParada wrote:

> Hello,
>
> I'm trying to set up DNAT to forward to a PPTP Server behind Shorewall. I
> set up the PPTP rules per your documentation with tcp port 1723 and
> Protocol 47 DNAT to my PPTP Server in the local zone. Looking at the
> logs it is dropping the connection going to port 1723.

Then the rules that you added don't match the traffic that you are trying to forward.

> It is also
> dropping UDP port 1701, don't know if it is of any significance.

It's not.

> I
> looked at FAQ 1a and b and the packet count is zero. I am connecting
> from outside the network. Any suggestions?
>

Look at the messages being logged and see why the dropped traffic doesn't match your rule(s).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:

>> It is also
>> dropping UDP port 1701, don't know if it is of any significance.
>
> It's not.
>

I'll take that back -- UDP port 1701 is the UDP part of L2TP so your client may be trying to use L2TP if PPTP fails.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
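
Added example, not part of the thread and not Shorewall's own code: one way to follow the advice above and pull out of each logged drop the fields that have to match a DNAT rule (chain, inbound interface, destination, protocol, port). The log lines are constructed samples in the netfilter LOG format with Shorewall's `Shorewall:chain:disposition:` prefix; the interface names, addresses and the `net2all` chain are assumptions.

```python
import re

# Services named in the thread: PPTP control, PPTP data (GRE) and the L2TP fallback.
SERVICES = {("TCP", "1723"): "PPTP control", ("47", None): "GRE (PPTP data)",
            ("UDP", "1701"): "L2TP"}
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample log lines (documentation addresses, hypothetical interfaces).
SAMPLE = [
    "Aug 30 10:15:01 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=203.0.113.5 DST=198.51.100.2 LEN=48 PROTO=TCP SPT=1045 DPT=1723 SYN",
    "Aug 30 10:15:09 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=203.0.113.5 DST=198.51.100.2 LEN=60 PROTO=UDP SPT=1701 DPT=1701",
    "Aug 30 10:16:30 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT=eth1 "
    "SRC=203.0.113.5 DST=192.168.1.10 LEN=61 PROTO=47",
]

def parse(line):
    """Return the fields to compare against a DNAT rule, or None for other lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    f = dict(FIELD.findall(line[m.end():]))
    proto, dpt = f.get("PROTO", ""), f.get("DPT")
    # Port-specific match first, then protocol-only (GRE has no ports).
    service = SERVICES.get((proto, dpt)) or SERVICES.get((proto, None), "other")
    # An empty OUT= means the packet was delivered to the firewall itself,
    # i.e. its destination was not rewritten to an internal host by DNAT.
    path = "input (not DNATed)" if f.get("OUT", "") == "" else "forward"
    return {"chain": m["chain"], "disposition": m["disposition"],
            "in": f.get("IN"), "dst": f.get("DST"), "proto": proto,
            "dpt": dpt, "service": service, "path": path}

def summarize(lines):
    """Parse every Shorewall log line in `lines`, skipping unrelated ones."""
    return [p for p in map(parse, lines) if p is not None]

if __name__ == "__main__":
    for p in summarize(SAMPLE):
        print("{chain}:{disposition} in={in} dst={dst} proto={proto} "
              "dpt={dpt} -> {service}, {path}".format(**p))
```

Comparing `in`, `dst`, `proto` and `dpt` from a dropped packet with the source zone's interface, original destination, protocol and port in the DNAT rule shows which field the rule fails to match.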