Man, you guys should search the archives. I seem to be posting this
every couple of weeks.
M1122's have an application layer gateway for pptp. The pinhole setup is
internal ip address, 0, 0, 0, pptp.
i.e internal port = 0, external port = 0, number of ports = 0, protocol
= pptp
See http://www.soa.co.nz/cgi-bin/fom?_recurse=1&file=1#file_52
(Nice job Chris).
You will also need to then add another pinhole for the control port:
internal ip address, 1723, 1723, 1, tcp
The reason you were getting an error is that someone at Nokia couldn't
count and 65535 is the highest number it will accept.
Pinholing icmp the way you suggest is next to useless. ICMP does not
have ports, it has types. See
http://www.iana.org/assignments/icmp-parameters.
So for example, putting zero in as a port would pinhole "echo-reply",
three would be "destination unreachable" etc. I don't know if there's
any way of pinholing icmp codes (they further define some types).
In general trying to pinhole every port is an extremely bad idea, as
testing has proved that the more ports included in a range, the slower
the modem is to respond to any single port, and may not respond at all
in some cases.
Cheers,
Andrew
On Mon, 2002-04-08 at 18:59, Simon wrote:
> Opps forgot to change the Subject.
>
> -------------------
>
> I think I might be loosing my mind...... can someone please help me find it.
>
> I am using a Nokia M1122 - SW V. Gx1x2220.R08
>
> I am trying to route pptp 1-65536, tcp port 1723 and icmp ports 1-65535 to
> my Server. Every time I try this I get an error message "Error(s) found, no
> changes were activated."
>
> My M1122 is on port 192.168.109.254 and my server has 2 network card, WAN
> connection as IP address 192.168.109.100 and the LAN connection as IP
> address 192.168.111.5
>
> I am trying to configure a dial-on-demand VPN connection, but am getting
> stuck on the NAT configuration on the M1122.
>
> Someone please help me find my mind again.
>
> Thanks,
> Simon.
>
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org
> with "unsubscribe adsl" in the body of the message
>
>
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org
> with "unsubscribe adsl" in the body of the message
>
>
>
--
This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@lists.unixathome.org
with "unsubscribe adsl" in the body of the message
Received on Mon Apr 8 21:06:02 2002