Sziasztok!
Próbálok tűzfal mögül mikrotikhez csatlakozni pptp-vel, de valami oknál fogva nem megy.
A tűzfalon engedélyeztem kifelé és befelé forwardolva a 1723 és 47-es portokat. ip_forward = 1.
Ha windows kliensel próbálok kapcsolódni "A felhasználónév és jelszó ellenőrzés"-ig eljut, majd 619-es hibával kidob.
Már több oldalt átnéztem itt a hup-on és a googleban is, de igazi megoldást nem találtam.
Annyi biztos, hogy a tűzfallal lesz gond, mert máshonnan be tudok lépni, de nem jövök rá mi a hiba.
Még annyit, hogy firestarter vezérli a tűzfalbeállítást.
Csak az Output lánc port 1723(tcp)-nél nem 0 a számláló, a forward port 1723 az 0.
- 4739 megtekintés
Hozzászólások
Az nem 47-es port hanem 47-es protokoll (GRE)..........
- A hozzászóláshoz be kell jelentkezni
Tudom, de több helyen olvastam, hogy a 47-es portot is ki kell engedni.
- A hozzászóláshoz be kell jelentkezni
Ha az angol szövegnek jobban hiszel, mint a magyarnak...
"Port 1723 is correct. Port 47 is not correct. I see this mistake too many times. Port 47 that many people refer to is NOT TCP/UDP. It is IP protocol 47 which is GRE. Port 47, according to http://www.iana.org/assignments/port-numbers is actually NI FTP.
Your router or firewall must have PPTP pass-through to allow the GRE 47 to pass. This is in addition to port 1723."
- A hozzászóláshoz be kell jelentkezni
Az nf_nat_pptp és nf_conntrack_pptp kernelmodulok be vannak töltve? Ha igen, és úgy sem megy, légy szíves másold be a Firestarter által generált ide vonatkozó tűzfalszabályokat.
- A hozzászóláshoz be kell jelentkezni
a modulok metöltése után se lett változás.
A tűzfalrészlet:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 1/sec burst 5
ACCEPT udp -- anywhere anywhere udp dpt:33434
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LSI icmp -- anywhere anywhere
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere 10.0.0.5
INBOUND all -- anywhere
INBOUND all -- anywhere 10.0.0.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 1/sec burst 5
ACCEPT udp -- anywhere anywhere udp dpt:33434
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LSI icmp -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT tcp -- anywhere 10.0.0.24 tcp dpt:1723
ACCEPT udp -- anywhere 10.0.0.24 udp dpt:1723
ACCEPT tcp -- anywhere 10.0.0.24 tcp dpt:47
ACCEPT udp -- anywhere 10.0.0.24 udp dpt:47
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 10.0.0.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 10.0.0.0/24 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere 10.0.0.255
ACCEPT all -- anywhere 10.0.0.0/24
ACCEPT tcp -- 10.0.0.244 anywhere tcp dpt:1723
ACCEPT udp -- 10.0.0.244 anywhere udp dpt:1723
ACCEPT tcp -- 10.0.0.244 anywhere tcp dpt:47
ACCEPT udp -- 10.0.0.244 anywhere udp dpt:47
LSO all -- anywhere anywhere
- A hozzászóláshoz be kell jelentkezni
Itt valami nem tiszta. Ha jól értettem, a kliens van eme tűzfal mögött. Viszont a FORWARD-ban, és az OUTBOUND-ban nincs olyan szabály, ami a GRE-t visszaengedné, ugyanis RELATED és ESTABLISHED csak TCP-re szerepel, a GRE pedig nem TCP. Az LSO-t pedig nem másoltad be (meg a natos részeket sem).
Persze lehet, hogy valami elkerülte a figyelmemet.
A kliens IP-je egyébként a 10.0.0.24, vagy a 10.0.0.244 lenne? Gondolom, az utóbbi.
- A hozzászóláshoz be kell jelentkezni
A tűzfal javítva. Módosításkor kiekült egy-két dolog az elöbbiből.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 1/sec burst 5
ACCEPT udp -- anywhere anywhere udp dpt:33434
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LSI icmp -- anywhere anywhere
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere 10.0.0.10
INBOUND all -- anywhere
INBOUND all -- anywhere 10.0.0.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 1/sec burst 5
ACCEPT udp -- anywhere anywhere udp dpt:33434
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LSI icmp -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT tcp -- anywhere 10.0.0.244 tcp dpt:1723
ACCEPT udp -- anywhere 10.0.0.244 udp dpt:1723
ACCEPT tcp -- anywhere 10.0.0.244 tcp dpt:47
ACCEPT udp -- anywhere 10.0.0.244 udp dpt:47
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 10.0.0.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 10.0.0.0/24 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:www
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:microsoft-ds
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:microsoft-ds
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:ntp
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:ntp
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP tcp -- anywhere anywhere tcp dpt:bootps
DROP udp -- anywhere anywhere udp dpt:bootps
DROP tcp -- anywhere anywhere tcp dpt:loc-srv
DROP udp -- anywhere anywhere udp dpt:loc-srv
Chain LSI (4 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (1 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere 10.0.0.255
ACCEPT all -- anywhere 10.0.0.0/24
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:www
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:www
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:imap2
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:imap2
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:domain
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:domain
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:pop3
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:pop3
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:smtp
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:25
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:https
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:https
ACCEPT tcp -- anywhere tcp dpt:ntp
ACCEPT udp -- anywhere udp dpt:ntp
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:webcache
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:8080
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:ntp
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:ntp
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:daytime
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:daytime
ACCEPT tcp -- 10.0.0.244 anywhere tcp dpt:1723
ACCEPT udp -- 10.0.0.244 anywhere udp dpt:1723
ACCEPT tcp -- 10.0.0.244 anywhere tcp dpt:47
ACCEPT udp -- 10.0.0.244 anywhere udp dpt:47
LSO all -- anywhere anywhere
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:1723 to:10.0.0.244:1723
DNAT udp -- anywhere anywhere udp dpt:1723 to:10.0.0.244:1723
DNAT tcp -- anywhere anywhere tcp dpt:47 to:10.0.0.244:47
DNAT udp -- anywhere anywhere udp dpt:47 to:10.0.0.244:47
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
- A hozzászóláshoz be kell jelentkezni
A tűzfal javítva. Módosításkor kiekült egy-két dolog az elöbbiből.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 1/sec burst 5
ACCEPT udp -- anywhere anywhere udp dpt:33434
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LSI icmp -- anywhere anywhere
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere 10.0.0.10
INBOUND all -- anywhere
INBOUND all -- anywhere 10.0.0.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 1/sec burst 5
ACCEPT udp -- anywhere anywhere udp dpt:33434
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LSI icmp -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT tcp -- anywhere 10.0.0.244 tcp dpt:1723
ACCEPT udp -- anywhere 10.0.0.244 udp dpt:1723
ACCEPT tcp -- anywhere 10.0.0.244 tcp dpt:47
ACCEPT udp -- anywhere 10.0.0.244 udp dpt:47
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 10.0.0.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 10.0.0.0/24 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:www
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:microsoft-ds
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:microsoft-ds
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:ntp
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:ntp
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP tcp -- anywhere anywhere tcp dpt:bootps
DROP udp -- anywhere anywhere udp dpt:bootps
DROP tcp -- anywhere anywhere tcp dpt:loc-srv
DROP udp -- anywhere anywhere udp dpt:loc-srv
Chain LSI (4 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (1 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere 10.0.0.255
ACCEPT all -- anywhere 10.0.0.0/24
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:www
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:www
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:imap2
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:imap2
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:domain
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:domain
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:pop3
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:pop3
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:smtp
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:25
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:https
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:https
ACCEPT tcp -- anywhere tcp dpt:ntp
ACCEPT udp -- anywhere udp dpt:ntp
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:webcache
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:8080
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:ntp
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:ntp
ACCEPT tcp -- 10.0.0.0/24 anywhere tcp dpt:daytime
ACCEPT udp -- 10.0.0.0/24 anywhere udp dpt:daytime
ACCEPT tcp -- 10.0.0.244 anywhere tcp dpt:1723
ACCEPT udp -- 10.0.0.244 anywhere udp dpt:1723
ACCEPT tcp -- 10.0.0.244 anywhere tcp dpt:47
ACCEPT udp -- 10.0.0.244 anywhere udp dpt:47
LSO all -- anywhere anywhere
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:1723 to:10.0.0.244:1723
DNAT udp -- anywhere anywhere udp dpt:1723 to:10.0.0.244:1723
DNAT tcp -- anywhere anywhere tcp dpt:47 to:10.0.0.244:47
DNAT udp -- anywhere anywhere udp dpt:47 to:10.0.0.244:47
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Mikrotik log:
pptp-info TCP connection established from
pptp-0: waiting for call...
pptp-0: terminating...
pptp-0: disconnected
- A hozzászóláshoz be kell jelentkezni
http://lmgtfy.com/?q=linux+firewall+pptp+passthrough
elso talalat...
kell hozza a forward: echo 1 > /proc/sys/net/ipv4/ip_forward
kell hozza a masquerade: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
meg a 2 masik szabaly:
# Port 1723 is used by pptp. For secure operations limit the
# source IP via -s x.x.x.x as well!
iptables -A INPUT -p tcp –dport 1723 -j ACCEPT
# PPTP used not tcp or udp, but gre (protocol number 47).
# Let it in as well.
iptables -A INPUT -p 47 -j ACCEPT
ha ezek utan se tudod megcsinalni, akkor iratkozz be valami tanfolyamra, illetve javaslom meg Andrew S. Tanenbaum: Szamitogephalozatok cimu konyvet, nagyon hasznos...
- A hozzászóláshoz be kell jelentkezni
írtam már, hogy az ip_forward 1. Masquerade van, portok forwardolva és kiengedve.
csak a portokollt nem engedtem be. :S
- A hozzászóláshoz be kell jelentkezni
Ha jól látom, a GRE még mindig nincs átengedve, csak TCP, UDP, ICMP-ről szólnak a szabályok a kimenő irányú forgalomra nézve.
Miután a GRE-t is engedélyezed, és esetleg továbbra sem menne, nézd meg a tűzfal logját, látszania kellene valaminek.
- A hozzászóláshoz be kell jelentkezni
Huh, most látom erre nem válaszoltam. Elnézést!
Igen, te protokollról beszéltél én meg portról :). Átengedtem, most már megy.
Köszönöm szépen!
- A hozzászóláshoz be kell jelentkezni