Allowing GRE in IPFILTER
Murray Taylor
mtaylor at bytecraft.com.au
Wed May 4 17:02:17 PDT 2005
On Thu, 5 May 2005 02:59, Calvin Lane wrote:
> Hello everyone,
>
> I've recently installed and configured mpd. I've been able to establish VPN
> connections with no problem internally on my network. When I attempt to
> establish a connection through my firewall, I get a number of error
> messages. The problem is that I'm not allowing GRE to get through on my
> firewall. Here is currently what I have:
>
> pass in quick on xl0 proto gre from any to
> 192.168.10.253/24<http://192.168.10.253/24>
> pass out quick on xl0 proto gre from
> 192.168.10.253/24<http://192.168.10.253/24>to any
>
> Please let me know what the correct syntax is for allowing gre traffic
> through through an ipfilter firewall running BSD 4.10. Thanks.
>
> Calvin
>
> calvin.lane at gmail.com
>
This works for my win2k laptop to access work through
my FreeBSD 4.9 / ipf firewall
you need the TCP port 1723 for initial establishment
(The variables are from the shell script I use to reset things when
my ISP changes my ip number)
----------8<-----------------
oif="rl0" # internet side interface
myip="xxx.xxx.xxx.xxx" # internet IP number from ISP DHCP
ks="keep state"
fks="flags S keep state"
----------8<-----------------
#
# pptp and gre for Work VPN outbound
#
pass out quick on $oif proto tcp from any to any port = 1723 $fks
pass out quick on $oif proto gre from any to any
----------8<-----------------
#
# GRE vpn stuff (inbound from work)
#
pass in quick on $oif proto gre from yyy.yyy.yyy.yyy to any
--
Murray Taylor
Special Projects Engineer
----------------------
-----------
Bytecraft Systems & Entertainment
Phone: 61 3 8710 2555
Email: mtaylor at bytecraft.com.au
or visit us on the web
http://www.bytecraftsystems.com
http://www.bytecraftentertainment.com
---------------------------------------------------------------
The information transmitted in this e-mail is for the exclusive
use of the intended addressee and may contain confidential
and/or privileged material. Any review, re-transmission,
dissemination or other use of it, or the taking of any action
in reliance upon this information by persons and/or entities
other than the intended recipient is prohibited. If you
received this in error, please inform the sender and/or
addressee immediately and delete the material.
E-mails may not be secure, may contain computer viruses and
may be corrupted in transmission. Please carefully check this
e-mail (and any attachment) accordingly. No warranties are
given and no liability is accepted for any loss or damage
caused by such matters.
---------------------------------------------------------------
***This Email has been scanned for Viruses by MailMarshal.***
More information about the freebsd-questions
mailing list