Motorola Router 6161252-00-01 User's Manual

5-24  Administrator’s Handbook
For PPTP negotiation to work, TCP packets inbound and outbound destined for port 1723 must be allowed.
Likewise, for ATMP negotiation to work, UDP packets inbound and outbound destined for port 5150 must be
allowed. Source ports are dynamic, so, if possible, make this flexible, too. Additionally, PPTP and ATMP both
require a firewall to allow GRE bi-directionally.
The following sections illustrate a sample filtering setup to allow either PPTP or ATMP traffic to cross a firewall:
Make your own appropriate substitutions. For more information on filters and firewalls, see 
.
PPTP example
To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP
packets specifically destined for port 1723. The source port may be dynamic, so often it is not useful to apply
a compare function upon this portion of the control/negotiation packets. You must also set the firewall to allow
inbound and outbound GRE packets, enabling transport of the tunnel payload.
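The following Python model is an added example, not part of the handbook or the router's software. It evaluates a filter set shaped like the screen's columns (Proto, D.Port, On?, Fwd) against constructed packets to show that a control-port filter alone still drops the GRE tunnel payload. First-match evaluation and discarding unmatched packets are assumptions of the model, and the sample source ports are arbitrary.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, GRE = 6, 17, 47  # IANA IP protocol numbers

@dataclass(frozen=True)
class Filter:
    proto: int
    dport: Optional[int]   # None = "NC" (no compare); an int = "=port"
    forward: bool          # the "Fwd" column
    on: bool = True        # the "On?" column

@dataclass(frozen=True)
class Packet:
    proto: int
    sport: Optional[int] = None   # GRE carries no ports
    dport: Optional[int] = None

def evaluate(filters, pkt, default_forward=False):
    """First enabled matching filter decides; source port is never compared (NC)."""
    for f in filters:
        if not f.on or f.proto != pkt.proto:
            continue
        if f.dport is not None and f.dport != pkt.dport:
            continue
        return f.forward
    return default_forward   # ASSUMPTION: unmatched packets are discarded

# Rows 1-2 of the Basic Firewall screen, then the filters the text calls for.
BASIC = [Filter(TCP, 2000, False), Filter(TCP, 6000, False)]
PPTP_CONTROL = Filter(TCP, 1723, True)
ATMP_CONTROL = Filter(UDP, 5150, True)
GRE_PAYLOAD = Filter(GRE, None, True)

# Constructed sample traffic; source ports are arbitrary dynamic values.
SAMPLES = {
    "pptp-control": Packet(TCP, sport=49152, dport=1723),
    "atmp-control": Packet(UDP, sport=40001, dport=5150),
    "tunnel-gre": Packet(GRE),
    "tcp-2000": Packet(TCP, sport=50000, dport=2000),
}

def verdicts(filters):
    """Map each sample packet name to True (forwarded) or False (discarded)."""
    return {name: evaluate(filters, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, fs in [("control only", BASIC + [PPTP_CONTROL]),
                      ("control + GRE", BASIC + [PPTP_CONTROL, GRE_PAYLOAD])]:
        print(label, verdicts(fs))
```
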
From the Main Menu navigate to Display/Change IP Filter Set, and from the pop-up menu select Basic Firewall.
Select Display/Change Input Filter.
Display/Change Input Filter screen
Select Input Filter 1 and press Return. In the Change Input Filter 1 screen, set the Destination Port information
as shown below.
Main Menu > System Configuration > Filter Sets > Display/Change Filter Set > Basic Firewall
   +--#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd--+
   +---------------------------------------------------------------------------+
   | 1    0.0.0.0           0.0.0.0           TCP   NC       =2000   Yes No    |
   | 2    0.0.0.0           0.0.0.0           TCP   NC       =6000   Yes No    |
   |                                                                           |
   +---------------------------------------------------------------------------+