iptables and pptp server problem

Trevor trevor at gnuguy.com
Wed Jul 28 17:24:01 UTC 2004


I have a PPTP server inside (green) a network.  The old firewall was
ipchains-based, and now it's iptables.  I can't seem to figure out how to
route GRE (protocol 47) and 1723 so that it works.

I used ipfwd [http://catfish.csail.mit.edu/~cananian/Projects/IPfwd/] on the
ipchains side and that worked, but it doesn't work anymore on the 2.4
kernel.

Internet -> 2.4/iptables firewall (204.xxx.xx.xx/192.168.0.x) -> PPTP VPN Server (192.168.0.x)

I've tried adding these lines to my firewall script:

vpnserver="192.168.0.2"
RED_DEV="eth1"
iptables -N pptp
iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT
iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT
iptables -I FORWARD -j pptp
iptables -t nat -N pptp
iptables -t nat -A pptp -i $RED_DEV -p tcp --dport 1723 -j DNAT --to $vpnserver:1723
iptables -t nat -A pptp -i $RED_DEV -p 47 -j DNAT --to $vpnserver
iptables -t nat -A PREROUTING -j pptp

With no success.  I suspect that it could be the mppe-ppp modules causing
problems.  I'm sure that TCP/port 1723 is forwarding properly... but that's
all I see when I do an "iptstate" when trying to connect.

Trev.
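
A diagnostic for the symptom described above, as an added example that is not part of the original post: it reports, per client, whether a GRE (protocol 47) connection-tracking entry accompanies the TCP/1723 control connection. The function names, the sample addresses and the 2.4-style /proc/net/ip_conntrack line layout used in the constructed sample are assumptions; only 192.168.0.2 comes from the post.

```shell
#!/bin/sh
# Added example. Reads 2.4-style /proc/net/ip_conntrack lines on stdin and, for
# every client holding a PPTP control connection (TCP/1723) to the server given
# as $1, reports whether a GRE (protocol 47) entry exists and has seen a reply.
pptp_flow_check() {
    awk -v srv="$1" '
    {
        proto = $2; client = ""; hit = 0; ctl = 0
        for (i = 3; i <= NF; i++) {
            if (client == "" && $i ~ /^src=/) client = substr($i, 5)
            if ($i == ("src=" srv) || $i == ("dst=" srv)) hit = 1
            if ($i == "dport=1723") ctl = 1
        }
        if (!hit || client == "") next          # entry does not involve the server
        if (proto == 6 && ctl) tcp[client] = 1  # PPTP control channel
        if (proto == 47)                        # GRE data channel
            gre[client] = ($0 ~ /\[UNREPLIED\]/) ? "unreplied" : "ok"
    }
    END {
        for (c in tcp)
            print c, "control=ok", "gre=" ((c in gre) ? gre[c] : "missing")
    }' | sort
}

# Constructed sample input (documentation addresses, assumed line layout).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=1042 dport=1723 src=192.168.0.2 dst=198.51.100.7 sport=1723 dport=1042 [ASSURED] use=1
unknown  47 590 src=198.51.100.7 dst=203.0.113.10 [UNREPLIED] src=192.168.0.2 dst=198.51.100.7 use=1
tcp      6 431991 ESTABLISHED src=198.51.100.8 dst=203.0.113.10 sport=1077 dport=1723 src=192.168.0.2 dst=198.51.100.8 sport=1723 dport=1077 [ASSURED] use=1
tcp      6 431992 ESTABLISHED src=198.51.100.9 dst=203.0.113.10 sport=1099 dport=1723 src=192.168.0.2 dst=198.51.100.9 sport=1723 dport=1099 [ASSURED] use=1
unknown  47 598 src=198.51.100.9 dst=203.0.113.10 src=192.168.0.2 dst=198.51.100.9 use=1
tcp      6 100 TIME_WAIT src=198.51.100.7 dst=203.0.113.10 sport=1050 dport=80 src=192.168.0.5 dst=198.51.100.7 sport=80 dport=1050 use=1
EOF
}

# On the firewall itself: pptp_flow_check 192.168.0.2 < /proc/net/ip_conntrack
sample_conntrack | pptp_flow_check 192.168.0.2
```

gre=missing means no protocol-47 packet from that client reached connection tracking for the server; gre=unreplied means GRE arrived from the client but no reply was seen.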




