New Zealand ADSL Mailing List


RE: MS PPTP through Nokia M10

From: rob.edkins_at_axon.co.nz
Date: Tue, 4 Apr 2000 15:37:27 +1200
Message-ID: <42CCA0F98530D111A77900805F0D52B301738A98@ax-akl-exchange.axon.co.nz>

Mike Smith wrote:
 
> Has anyone got MS PPTP through from a Win98 box using VPN to an NT4 server
> behind an M10? If so, how did you accomplish it?

Nope, but I've gone the other way. In theory, the pinhole for GRE should
work the same and you'll have to add one for TCP 1723.

You'll need a static IP address on the Nokia, and in the 98 VPN client
remember to check the 'Require encrypted password' boxes.

Pinhole 1

External Starting Port: 0 (Doesn't actually matter what port number you use,
irrelevant to GRE)
External Ending Port: 0
Protocol: PPTP
Internal Port: 0
Internal IP Address: {Insert your PPTP server here}

Pinhole 2
(assuming you only want PPTP inbound)
External Starting Port: 1723
External Ending Port: 1723
Protocol: TCP
Internal Port: 1723
Internal IP Address: {Insert your PPTP server here}

> Has anyone got MS Proxy server 2 to work behind an M10? Did you put two
> NICs in one box and subnet the M10 away from the internal LAN?

Again, I've done a few Proxy server implementations but not on ADSL.

However, the above configuration is a typical implementation of MS Proxy as
a proxy-based firewall. (Not my favourite firewall, but not an expensive
one).

In this case you would probably want to push all TCP and UDP through to the
proxy.

So for this scenario, with PPTP (assuming your MS Proxy is also your PPTP
server):

Pinhole 1

External Starting Port: 0 (Doesn't actually matter what port number you use,
irrelevant to GRE)
External Ending Port: 0
Protocol: PPTP
Internal Port: 0
Internal IP Address: {Insert your PPTP server here}

Pinhole 2

External Starting Port: 1
External Ending Port: 65536
Protocol: TCP
Internal Port: 1
Internal IP Address: {Insert your Proxy server here}

Pinhole 3
External Starting Port: 1
External Ending Port: 65536
Protocol: UDP
Internal Port: 1
Internal IP Address: {Insert your Proxy server here}

You could add one for ICMP, so people can ping your server, but I tend not
to allow a firewall to respond to pings. Makes things a little more
difficult for some port scanners.

Rob

Received on Tue Apr 4 15:38:26 2000
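
An added example, not part of the original message or of any Nokia tooling: a small Python audit that reads pinhole entries written in the layout used above and reports what they expose. The function names and the 192.0.2.x addresses are assumptions made for illustration, and the sample input is constructed.

```python
import re
FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(\S+)")

# Constructed sample in the message's pinhole layout; addresses are placeholders.
SAMPLE = """\
Pinhole 1
External Starting Port: 0
External Ending Port: 0
Protocol: PPTP
Internal Port: 0
Internal IP Address: 192.0.2.10

Pinhole 2
External Starting Port: 1
External Ending Port: 65536
Protocol: TCP
Internal Port: 1
Internal IP Address: 192.0.2.20
"""

def parse_pinholes(text):
    """Return one dict per 'Pinhole N' block, keyed by field name."""
    holes = []
    for line in text.splitlines():
        if re.match(r"^\s*Pinhole\s+\d+", line):
            holes.append({})
        elif holes and (m := FIELD.match(line)):
            holes[-1][m.group(1)] = m.group(2)  # first token only, notes are dropped
    return holes

def audit(holes):
    """Return a list of findings for the parsed pinholes."""
    findings = []
    gre = {h["Internal IP Address"] for h in holes if h["Protocol"].upper() == "PPTP"}
    ctl = set()  # hosts that receive the PPTP control channel, TCP 1723
    for n, h in enumerate(holes, 1):
        proto = h["Protocol"].upper()
        if proto not in ("TCP", "UDP"):
            continue  # port numbers are irrelevant to GRE
        lo, hi = int(h["External Starting Port"]), int(h["External Ending Port"])
        if not (1 <= lo <= hi <= 65535):
            findings.append(f"pinhole {n}: {proto} range {lo}-{hi} is outside 1-65535")
        if hi - lo >= 65534:
            findings.append(f"pinhole {n}: forwards every {proto} port to {h['Internal IP Address']}")
        if proto == "TCP" and lo <= 1723 <= hi:
            ctl.add(h["Internal IP Address"])
    for ip in sorted(gre - ctl):
        findings.append(f"PPTP host {ip}: GRE is forwarded but TCP 1723 is not")
    return findings
```

Calling `audit(parse_pinholes(SAMPLE))` returns three findings for the constructed sample, because GRE and TCP 1723 end up on different internal hosts and the TCP range covers the whole port space.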

