Re: Down the MPD road

From: Eric Anderson (andersoncenttech.com)
Date: Sat May 10 2003 - 09:19:45 CDT


Michael Collette wrote:

>[..snip good stuff..]
>The probs:
> Apparently PPTP actually puts the remote machine IN the target network.
>Sorry, I'm still pretty green on this PPTP stuff. Works a good bit different
>than IPSec. Anyhow, once the remote box is connected all the connections to
>the rest of the Internet are now coming from behind the firewall. That'd be
>cool if it worked reliably.
> While connected, when I attempt to browse around the public Internet some
>pages just don't load, where others do. No rhyme or reason, and nothing
>showing up in my logging of all denied packets via ipfw. For example, I can
>hit CNN without a problem, then when I try news.google it never loads a page.
>I can hit the main Yahoo page, but any of their other sites won't go. Really
>odd.
>
>I'm not sure if I've got an ipfw or mpd problem at this point. I've tried a
>dozen different ways to open up ipfw a LOT while still keeping it reasonably
>closed. This thing is in production and all. If it'd help, I'll post the
>relevant rule list here.
>
[..more snipping..]

Ok, I saw these problems too. Remember that the VPN'd client's data is
coming through the firewall, to the ng0 interface, and then leaving from
there (when "surfing the net"), so you will have to have NAT set up (of
some sort) and make sure your rules are open enough to allow the
firewall to send packets from the ng0 interface on out and have them
NATed. Some of your pages are probably loading from a cache, and not
others. Also, you may want to add these lines to mpd.conf:

    set iface enable proxy-arp
    set iface mtu 1440

I found it fixed all my odd problems that I was having with XP clients.

Eric

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"