How do you get VPN access through a firestarter firewall

dariwe

Programmer
May 10, 2000
17
US
I have a Windows 2000 DC that I am trying to make a VPN connection with, and I am running a Red Hat box with Firestarter as my firewall. The VPN settings appear to be correct; a session can be established from inside the network. Port 1723 is forwarded to the Win2k box, but when I try to establish a connection from outside, I get an error saying that it cannot connect. Other ports are forwarding correctly, as I can view the website that is hosted on the Win2k box.

Any help you can give would be appreciated.
 
You also need to forward protocol 47. Note that that is PROTOCOL 47 not port 47.
 
Thanks for your reply. I've been looking all over the net and so far haven't found a set of instructions that has helped me to get this going. Do you know of a place where I can find out how to forward that protocol?

thanks again.
 
Well, honestly, I was hoping someone else would pick up this thread. I don't do Firestarter. Not that I know of anything bad about it, I just prefer to handle rules myself.

The only decent Firestarter info I can find is at the Firestarter Sourceforge page
In particular, you might want to click on 'mailing list' at the top and post a question there. You might also try a post here in forum54 (Linux Server).

Having said that, I did poke around at the Firestarter mailing list a bit myself. It looks to me like Firestarter will use either ipchains or iptables. I would hope you are using iptables. If so, you would need to add rules something like:

# GRE is IP protocol 47; "-p 47" and "-p gre" mean the same thing to iptables
$IPTABLES -A INPUT -s xxx.xxx.xxx.xxx/24 -i $EXTIF -p 47 -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -p 47 -j ACCEPT
# INPUT/OUTPUT only cover GRE to and from the firewall box itself; GRE that is
# passed on to an inside host must also be allowed through the FORWARD chain
$IPTABLES -A FORWARD -i $EXTIF -p 47 -j ACCEPT

You will need to change the $IPTABLES to whatever variable your script uses to point to iptables, change the $EXTIF to whatever interface is connected to the internet, e.g. eth1, and change the xxx.xxx.xxx.xxx/24 to the network/subnet that you are connecting from. You might want to remove the whole -s xxx.xxx.xxx.xxx/24 until you get up and running.

Now, the problem is, I am not sure where to put it. I didn't have time to dig through the stuff at SourceForge to find where Firestarter puts the script. Also, that is an iptables rule; it will need to be modified to work with ipchains if that is what you are running.

Make up your own disclaimer and insert here. I don't know anything, proceed at your own risk, gremlins might destroy your computer if you do this, etc.

Hope this gives you some idea where to go from here.
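
The full rule set the thread is circling around, as an added example that is not part of the original posts: a PPTP session from the Internet needs TCP port 1723 (the control channel) and GRE, IP protocol 47 (the tunnelled data), both DNATed to the inside VPN server and both allowed through the FORWARD chain. The interface names, the 192.168.1.10 server address and the constructed iptables-save excerpt are assumptions for illustration. The script prints the rules instead of applying them, and includes a check that can be run against a live `iptables-save` dump to confirm that GRE, not just port 1723, is actually being forwarded.

```shell
#!/bin/sh
# Added example, not code from the Tek-Tips thread or from Firestarter.
# Builds the iptables rules that pass a PPTP session (TCP 1723 + GRE, IP
# protocol 47) from the Internet to an inside Windows 2000 VPN server, and
# checks an iptables-save dump for the rules that are usually forgotten.
# Interface names and addresses below are assumptions; change them.

IPTABLES="${IPTABLES:-iptables}"

# Print (do not apply) the rules for one PPTP server behind the firewall.
#   $1 = Internet-facing interface, $2 = LAN interface, $3 = inside server IP
# Assumes an existing POSTROUTING MASQUERADE/SNAT rule for the LAN, which
# rewrites the source address of the server's replies (including GRE).
pptp_forward_rules() {
    extif=$1; intif=$2; vpn=$3
    cat <<EOF
$IPTABLES -t nat -A PREROUTING -i $extif -p tcp --dport 1723 -j DNAT --to-destination $vpn
$IPTABLES -t nat -A PREROUTING -i $extif -p gre -j DNAT --to-destination $vpn
$IPTABLES -A FORWARD -i $extif -o $intif -p tcp --dport 1723 -d $vpn -j ACCEPT
$IPTABLES -A FORWARD -i $extif -o $intif -p gre -d $vpn -j ACCEPT
$IPTABLES -A FORWARD -i $intif -o $extif -p gre -s $vpn -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
# GRE has no ports and, without a PPTP/GRE connection-tracking helper loaded,
# does not match --state ESTABLISHED, which is why the server-to-client GRE
# direction gets its own explicit FORWARD rule above.

# Apply the rules (run as root). Review the printed output first.
apply_pptp_rules() {
    pptp_forward_rules "$@" | sh -e
}

# Read an iptables-save style dump on stdin; succeed only if some FORWARD
# rule accepts GRE (written as "gre" or as protocol number 47).
check_gre_forwarded() {
    grep -E -q -- '^-A FORWARD .*-p (gre|47)( |$).*-j ACCEPT'
}

# Read a dump on stdin; succeed only if both halves of PPTP are forwarded
# to server $1: TCP 1723 to that address, and GRE. Token order in the rule
# does not matter, so this works on hand-written and iptables-save output.
pptp_path_ok() {
    vpn=$1
    dump=$(cat)
    printf '%s\n' "$dump" | grep -- '^-A FORWARD ' | grep -- '-p tcp' \
        | grep -- '--dport 1723' | grep -E -- "-d $vpn(/32)?( |\$)" \
        | grep -q -- '-j ACCEPT' || return 1
    printf '%s\n' "$dump" | grep -- '^-A FORWARD ' \
        | grep -E -- '-p (gre|47)( |$)' | grep -q -- '-j ACCEPT'
}

# Constructed iptables-save excerpt resembling the original poster's setup:
# TCP 1723 and the web server are forwarded, GRE is not, so PPTP fails.
SAMPLE_BROKEN='-A PREROUTING -i eth1 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10
-A FORWARD -d 192.168.1.10/32 -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -i eth1 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
```

On the firewall, `iptables-save | check_gre_forwarded` (or `pptp_path_ok 192.168.1.10`) tells you whether the GRE half is missing, and `tcpdump -ni eth1 'ip proto 47'` while a client connects shows whether GRE is even arriving at the outside interface. One caveat from today's vantage point: PPTP's MS-CHAPv2 authentication is known to be breakable, so this is how to make the thread's setup work, not a recommendation for PPTP over IPsec or L2TP/IPsec.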
 
thanks a lot for your help...that gives me a good place to start
 