external connections give error 619
max at love2party.net
Sat Jan 22 11:34:36 PST 2005
On Saturday 22 January 2005 07:24, dave wrote:
> I've got a FreeBSD vpn server with mpd going behind a pf firewall/nat
> setup. All works when internal machines connect, yet whenever I try to
> connect from an external address that is outside my network I get an error
> 619 "The specified port is not connected." Googling shows that I should
> pass both tcp port 1723 and gre traffic, this I do. My vpn box is
> 192.168.1.3, server logs show the verification of the username/password and
> the attempt to establish the connection, but then it fails, just goes down.
> Any ideas?

Not without a bit more detail about your setup. For instance, how do external
clients talk to the vpn server on its private IP? Do you use rdr for this?
Is the vpn server aware that it sits behind a NAT firewall?

Also make sure that you log blocked traffic. See pflog(4)::EXAMPLES for
details on how to watch blocked traffic. This is the easiest way to ensure
that you really pass everything that is required. If nothing suspicious
turns up there, you can try to raise the debug level of pf by issuing:
"$pfctl -x misc". Watch your console log for BAD state messages. If
anything pops up there, please let us know.

In any case, if you are stuck please reply with more details such as a
detailed setup description and pf.conf.

/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
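
The checks asked about in the reply above (rdr to the private address, passing both tcp port 1723 and gre, logging blocked traffic), as an added pf.conf fragment that is not part of the original thread and is not either poster's configuration. The interface name and macro names are assumptions; 192.168.1.3 is the vpn box address given in the question.

```conf
# Added example, not from the thread. Uses the rdr-style translation
# syntax of FreeBSD pf. Adjust the assumed names to the real setup.
ext_if  = "fxp0"          # assumption: external interface name
vpn_srv = "192.168.1.3"   # vpn box address from the question

# Translation rules: external clients reach the private address via rdr.
# The PPTP control channel (tcp 1723) and the GRE data channel are
# separate protocols, so each needs its own rule. GRE has no ports.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1723 -> $vpn_srv port 1723
rdr on $ext_if inet proto gre from any to ($ext_if) -> $vpn_srv

# Filter rules: log whatever is dropped so it shows up on pflog0.
block in log on $ext_if all

# rdr is applied before filtering, so the pass rules match the
# translated (private) destination address, not the external one.
pass in log on $ext_if inet proto tcp from any to $vpn_srv port 1723 flags S/SA keep state
pass in log on $ext_if inet proto gre from any to $vpn_srv keep state
```

With logging on both the block and pass rules, `tcpdump -n -e -ttt -i pflog0` shows which rule each 1723 or GRE packet matched while an external client connects.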