1

I have a CentOS 7 server running firewalld to allow public services to access internal services on a separate VLAN (dual NICs). I imported a Windows VM but I do not know what rules I need to put in place to allow GRE through firewalld, other than opening 1723. All the questions and guides I find online never to setting PPTP on the CentOS 7 box itself, rather than passing it through to a routed IP (in this case the Windows server).

Sam Alsalem

2 Answers

5

On my RHEL 7 servers which allow access to a PPTP VPN, I set the following in addition to opening the port:

sudo firewall-cmd --permanent --zone=public --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
sudo firewall-cmd --permanent --zone=public --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPT
sudo firewall-cmd --permanent --zone=public --add-masquerade
sudo firewall-cmd --reload

hvindin
0

On my CentOS 8.3 server, the commands suggested for RHEL 7 did not work.

The commands that worked for me were:

firewall-cmd --permanent --new-service=pptp

cat >/etc/firewalld/services/pptp.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <port protocol="tcp" port="1723"/>
</service>
EOF

firewall-cmd --permanent --zone=public --add-service=pptp
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --permanent --zone=public --add-protocol=gre
firewall-cmd --reload

These commands are for opening the port, and for allowing the GRE protocol through.

Note that you need to run these commands as root, or prepend 'sudo' to all of them.
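
Added example, not part of either answer: a small audit of the `firewall-cmd --zone=public --list-all` text that reports which of the three zone settings from the second answer (TCP 1723, protocol gre, masquerading) are absent. The function names and the sample listing are constructed for illustration; rules added with `--direct`, as in the first answer, do not appear in this listing and are shown by `firewall-cmd --direct --get-all-rules` instead.

```bash
#!/bin/sh
# Added example (not from the answers): audit the text printed by
#   firewall-cmd --zone=public --list-all
# for the three zone settings the second answer adds.

# Prints one "missing: ..." line per absent setting; exit status is 0 only if
# tcp/1723, protocol gre and masquerading are all present.
# Assumption: a service named "pptp" is the custom one defined above (tcp/1723).
audit_pptp_zone() {
    awk '
        $1 == "services:"   { for (i = 2; i <= NF; i++) if ($i == "pptp") tcp = 1 }
        $1 == "ports:"      { for (i = 2; i <= NF; i++) if ($i == "1723/tcp") tcp = 1 }
        $1 == "protocols:"  { for (i = 2; i <= NF; i++) if ($i == "gre") gre = 1 }
        $1 == "masquerade:" { if ($2 == "yes") masq = 1 }
        END {
            if (!tcp)  print "missing: tcp/1723 (service pptp or port 1723/tcp)"
            if (!gre)  print "missing: protocol gre"
            if (!masq) print "missing: masquerade"
            exit !(tcp && gre && masq)
        }'
}

# Constructed sample of a zone listing after the commands above were applied.
sample_listing() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client pptp ssh
  ports:
  protocols: gre
  masquerade: yes
  forward-ports:
  rich rules:
EOF
}

# Demo on the constructed sample, then on a copy with the GRE entry removed.
sample_listing | audit_pptp_zone && echo "sample zone: all three settings present"
sample_listing | sed 's/protocols: gre/protocols:/' | audit_pptp_zone || true
```

On a live host, pipe the real listing in: `firewall-cmd --zone=public --list-all | audit_pptp_zone`.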