[PVE-User] pve-firewall and pptp

Dietmar Maurer dietmar at proxmox.com
Fri Mar 3 06:22:53 CET 2017



> On March 2, 2017 at 10:15 PM Pavel Kolchanov <pavel.kolchanov at gmail.com>
> wrote:
> 
> 
> Hello.
> 
> I have enabled GRE and PPtP macro in firewall:
> 
> cat /etc/pve/firewall/cluster.fw 
> [OPTIONS]
> 
> policy_in: REJECT
> enable: 1
> 
> [RULES]
> 
> GROUP vpn
> GROUP basic-node
> 
> [group basic-node]
> 
> IN Ping(ACCEPT)
> IN ACCEPT -p tcp -dport 8006 # Proxmox Web Interface
> IN ACCEPT -p tcp -dport 22444 # SSH
> 
> [group vpn]
> 
> OUT GRE(ACCEPT)
> IN GRE(ACCEPT)
> IN PPtP(ACCEPT)
> 
> But still cannot connect to pptpd until executed following commands:
> 
> iptables -I INPUT -p gre -j ACCEPT
> iptables -I OUTPUT -p gre -j ACCEPT

I tested here, and pve-firewall adds similar rules when you use the GRE macro.
Please test with:

# iptable-save|grep gre



More information about the pve-user mailing list