PPTP server

Sandy Green sand232 at YAHOO.COM
Fri Feb 25 14:25:52 EST 2000


IP protocol is not a port. It is IP protocol number.
eg. IP protocol no 6 ----> TCP
      IP protocol no 17---> UDP
similarly IP protocol no 47 ----> GRE general routing
encapsulation protocol. (i do not know the details but
for our understanding in PPTP it should suffice that
it needs this protocol.
port numbers are used by TCP and UDP.
IP protocol number is a field which is embedded in a
IP packet. The firewall is designed to read the
contents
of the IP header and the IP protocol number is also
adjacent (next to the IP header field).
look into any text book as to how a IP packet looks
like and you will see that there is someting called as
IP protocol number.
Hence to allow connections through your router you
would need to rules. one to allow TCP port 1723 and
the other rule to allow IP protolocol number 47.
I do not know what firewall router you are using but
if it is cisco with the firewall feature set then you
would
need rules in both directions as well.
hope this helped

sandy


--- John Hayward <John.C.Hayward at wheaton.edu> wrote:
>
> > installed on the hosts. And if one is using PPTP
> in
> > all
> > probability it would need to be able to go through
> a
> > firewall. For the Firewal to allow PPTP traffic to
> > flow
> > through it you would need the following to be
> opened
> > between the relevant sources/desinations...
> > TCP port 1723 and IP protocol no 47 (which is
> GRE).
>
> I'm a bit confused by IP protocol no 47.  Is this a
> port number or
> something else.  We have a person attempting to
> connect via pptp thru
> our firewall router  and we generally block ports
> below 1024.  I did a
> tcpdump and can see connections going to port 1723
> and acks coming back
> but it dies at some point in the negociations.  Does
> port 47 have to be
> open or might the the router be blocking protocol no
> 47 (GRE)?
>
> TIA
>
> johnh...
> >
> > -sandy
>
>
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list