Allowing GRE in IPFILTER

Murray Taylor mtaylor at bytecraft.com.au
Wed May 4 17:02:17 PDT 2005


On Thu, 5 May 2005 02:59, Calvin Lane wrote:
> Hello everyone,
> 
> I've recently installed and configured mpd. I've been able to establish VPN 
> connections with no problem internally on my network. When I attempt to 
> establish a connection through my firewall, I get a number of error 
> messages. The problem is that I'm not allowing GRE to get through on my 
> firewall. Here is currently what I have:
> 
> pass in quick on xl0 proto gre from any to 192.168.10.253/24
> pass out quick on xl0 proto gre from 192.168.10.253/24 to any
> 
> Please let me know what the correct syntax is for allowing gre traffic 
> through an ipfilter firewall running BSD 4.10. Thanks.
> 
> Calvin
> 
> calvin.lane at gmail.com
>

This works for my win2k laptop to access work through 
my FreeBSD 4.9 / ipf firewall.

You need TCP port 1723 for initial establishment.

(The variables are from the shell script I use to reset things when
my ISP changes my ip number)

----------8<-----------------

oif="rl0"                               # internet side interface
myip="xxx.xxx.xxx.xxx"    # internet IP number from ISP DHCP
ks="keep state"
fks="flags S keep state"

----------8<-----------------
#
# pptp and gre for Work VPN  outbound
#
pass out quick on $oif proto tcp from any to any port = 1723 $fks
pass out quick on $oif proto gre from any to any 

----------8<-----------------
#
# GRE vpn stuff (inbound from work)
#
pass in quick on $oif proto gre from yyy.yyy.yyy.yyy to any 




-- 
Murray Taylor
Special Projects Engineer
----------------------
-----------
Bytecraft Systems & Entertainment
Phone: 61 3 8710 2555

Email: mtaylor at bytecraft.com.au
or visit us on the web
http://www.bytecraftsystems.com
http://www.bytecraftentertainment.com
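
Added example, not part of the original message: a shell function that renders the three rules from the reply with the variables expanded, as a reset script would before handing them to ipf. It assumes the VPN server address is known and narrows the port 1723 and outbound GRE rules to that peer; the function names and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Renders PPTP/GRE ipf rules
# with the shell variables expanded. Names and addresses are constructed.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split into octets (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_pptp_rules OIF PEER: print the rules for one VPN peer on stdout.
# An empty or malformed value is rejected instead of being written into
# a ruleset, e.g. when a lookup earlier in the script returned nothing.
render_pptp_rules() {
    oif=$1 peer=$2
    fks="flags S keep state"
    case "$oif" in
        ""|*[!a-z0-9]*) echo "bad interface: $oif" >&2; return 1 ;;
    esac
    is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    cat <<EOF
# PPTP control channel: TCP 1723, stateful, to the VPN server only
pass out quick on $oif proto tcp from any to $peer port = 1723 $fks
# GRE (IP protocol 47) carries the tunnel data and has no port numbers,
# so it needs its own rule in each direction
pass out quick on $oif proto gre from any to $peer
pass in quick on $oif proto gre from $peer to any
EOF
}

# Constructed sample: interface rl0, peer from the documentation range.
# To load the result, pipe it to: ipf -f -
render_pptp_rules rl0 203.0.113.10
```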



More information about the freebsd-questions mailing list