[PVE-User] pve-firewall and pptp
Dietmar Maurer
dietmar at proxmox.com
Fri Mar 3 06:22:53 CET 2017
> On March 2, 2017 at 10:15 PM Pavel Kolchanov <pavel.kolchanov at gmail.com>
> wrote:
>
>
> Hello.
>
> I have enabled GRE and PPtP macro in firewall:
>
> cat /etc/pve/firewall/cluster.fw
> [OPTIONS]
>
> policy_in: REJECT
> enable: 1
>
> [RULES]
>
> GROUP vpn
> GROUP basic-node
>
> [group basic-node]
>
> IN Ping(ACCEPT)
> IN ACCEPT -p tcp -dport 8006 # Proxmox Web Interface
> IN ACCEPT -p tcp -dport 22444 # SSH
>
> [group vpn]
>
> OUT GRE(ACCEPT)
> IN GRE(ACCEPT)
> IN PPtP(ACCEPT)
>
> But still cannot connect to pptpd until executed following commands:
>
> iptables -I INPUT -p gre -j ACCEPT
> iptables -I OUTPUT -p gre -j ACCEPT
I tested here, and pve-firewall adds similar rules when you use the GRE macro.
Please test with:
# iptable-save|grep gre
More information about the pve-user
mailing list