Gentlemen, Good Night gentlemen, Favours the tips of the gentlemen I obtained, to make a Server VPN in SuSE with PPTP, already I obtain the VPN, only that when I receive the IP from creaks it specified in the VPN server, I do not obtain to make nothing, Therefore my request of ms-dns, ms-wins is DROPs for the FW, for Anti-spoofing, some of the gentlemen knows as I can decide this? In mine opitions.pptp, is with the options of ms-dns and ms-wins, is necessary? or the Client Vpn would assume this automatically? Fabio Sena Brasil-PE My configuration in pptpd.conf debug localip 10.10.40.250 My ip address in eth1(internal lan) remoteip 10.10.40.251-254 listem 200.xxx.xxx.xxx My ip address in eth0(external) My configuration in options.pptp name fwpro.cyberland.com.br lock mtu 1490 mru 1490 proxyarp noauth -chap -chapms +chapms-v2 #chapms-strip-domain ipcp-accept-local ipcp-accept-remote lcp-echo-failure 5 lcp-echo-interval 8 deflate 0 mppe-128 mppe-stateless require-chap #require-mppe #require-mppe-stateless debug -detach proxyarp asyncmap 0 mppe-stateless ms-wins 10.10.30.2 ms-dns 200.249.140.2 netmask 255.255.0.0 When I am Loged in Way pptp in the Vpn server, I am receiving these messages from the SuSEfirewall2, Exactly stopping the SuSEfirewall2, come across myself with these messages. Nov 18 11:01:25 fwpro kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ppp0 OUT= MAC= SRC=10.10.40.252 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=1165 PROTO=UDP SPT=137 DPT=137 LEN=76 Nov 18 11:01:28 fwpro kernel: SuSE-FW-DROP-ANTI-SPOOF IN=ppp0 OUT= MAC= SRC=10.10.40.252 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=1175 PROTO=UDP SPT=137 DPT=137 LEN=76 Nov 18 11:01:30 fwpro kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:90:27:75:b5:8d:00:10:7b:00:63:94:08:00 SRC=200.249.140.58 DST=200.249.140.20 LEN=129 TOS=0x00 PREC=0x00 TTL=126 ID=1564 PROTO=47 Nov 18 11:01:38 fwpro pppd[10483]: sent [CCP ConfReq id=0x3] Nov 18 11:01:46 fwpro kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:90:27:75:b5:8d:00:10:7b:00:63:94:08:00 SRC=200.249.140.58 DST=200.249.140.20 LEN=129 TOS=0x00 PREC=0x00 TTL=126 ID=1566 PROTO=47 in the SuSEfirewall2 mine config # Common: smtp domain FW_SERVICES_EXT_TCP="110 1723 53 ssh" # Common: domain FW_SERVICES_EXT_UDP="137 53 500" # Common: domain # For VPN/Routing which END at the firewall!! FW_SERVICES_EXT_IP="gre 47" # # Common: smtp domain FW_SERVICES_DMZ_TCP="" # Common: domain FW_SERVICES_DMZ_UDP="" # For VPN/Routing which END at the firewall!! FW_SERVICES_DMZ_IP="" # # Common: ssh smtp domain FW_SERVICES_INT_TCP="53 42 135:139 1723 5800 5900" # Common: domain syslog FW_SERVICES_INT_UDP="42 53 135:139" # For VPN/Routing which END at the firewall!! FW_SERVICES_INT_IP="47 gre" On Mon, 2002-11-18 at 04:35, Fabio Sena wrote:

----- Original Message ----- From: "Fabio Sena" To: Sent: Thursday, November 14, 2002 6:21 PM Subject: [suse-security] Request of servers wins and servers dns, By VPN PPTP

...

Good Night gentlemen,

Favours the tips of the gentlemen I obtained, to make a Server VPN in SuSE with PPTP, already I obtain the VPN, only that when I receive the IP from creaks it specified in the VPN server, I do not obtain to make nothing, Therefore my request of ms-dns, ms-wins is DROPs for the FW, for Anti-spoofing, some of the gentlemen knows as I can decide this? In mine opitions.pptp, is with the options of ms-dns and ms-wins, is necessary? or the Client Vpn would assume this automatically?

Fabio Sena Brasil-PE

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here