tech-net: Re: GRE through IPNAT firewall

Subject: Re: GRE through IPNAT firewall
To: None <port-i386@netbsd.org, tech-net@netbsd.org>
From: NetBSD Mailing-List <netbsd@kevcom.ca>
List: tech-net
Date: 07/20/2001 00:10:20

Okay, it's working now...

This is the line I needed to add to /etc/ipnat.conf:

rdr tl0 0/0 port 0 -> 1.1.1.2 port 0 gre

(this is not documented in the man page)

Kevin

On Thu, 19 Jul 2001, NetBSD Mailing-List wrote:

> I am having the darndest time getting GRE through this NetBSD-1.5.1 box to
> its internal network.  I have an NT PPTP server (don't ask) that is
> waiting for VPN connections on the inside.  My ipnat.conf looks like this:
> 
> map tl0 1.1.1.2/32 -> 0/32 portmap tcp/udp 40000:60000
> map tl0 1.1.1.2/32 -> 0/32
> rdr tl0 0/0 port 1723 -> 1.1.1.2 port 1723 tcp
> 
> tl0 is my external interface (dynamic ip via cable modem) and tl1 is the
> internal, with address 1.1.1.1.  The NT server of course is at 1.1.1.2.
> 
> When trying to establish a connection from the outside, tcpdump -n proto
> 47 or port 1723 shows:
> 
> ...