pf/nat & PPTP _client_ question
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: pf/nat & PPTP _client_ question
- From: Pete Leonard <pete_(_at_)_hero_(_dot_)_com>
- Date: Wed, 4 Sep 2002 00:04:35 -0700 (PDT)
Hey folks,
Setup:
OpenBSD as my home firewall/server. All clients within are DHCP'd.
I have a work laptop that I use regularly at home. To connect to the
office environment, it's PPTP (don't ask - trust me, I've asked for better
w/o luck..).
So I've got everything up & running under OpenBSD 3.1. Removed GRE
support, added the following rules to the firewall:
pf.conf:
  pass in quick on $ExtIF proto gre all keep state
  pass out quick on $ExtIF proto gre all keep state
  pass in quick on $ExtIF proto 53 all keep state
  pass out quick on $ExtIF proto 53 all keep state
nat.conf:
  rdr on $ExtIF proto gre from any to $ExtIF -> 192.168.7.33
  rdr on $ExtIF proto tcp from any to $ExtIF port 1723 -> 192.168.7.33
And everything works fine.
Here's the question - Is it possible to re-configure this so that I don't
need to hardcode the 192.168.7.xxx IP address, but rather, have it adapt
so that I don't need to re-configure NAT every single time I connect a
client with a different IP address?
I've done plenty of searching on this - all examples seem to point to
active FTP & using ftp-proxy, or deal with the example of a VPN *server*
behind the firewall, running with a static IP. Is the issue that some
kind of PPTP proxy would be required in this case?
What do people do when the FAQs aren't deep enough, the mail archives
aren't addressing your issue, and your expertise isn't extensive enough to
continue?
thanks,
--peter