NATing PPTP connections
Yann Bizeul
ml at tynsoe.org
Wed Mar 23 22:14:50 UTC 2005
Hello List.
After weeks of trying to configure this simple thing that used to work
on older release/distro (RH based) I decided to bother you with my
problem.
I use FC3, fully up to date 2.6.10-1.770_FC3.
What I want to do is pretty simple: connect to my VPN at work, from
home, using a machine that is on the LAN.
What I did when it worked was pretty simple, I only forwarded port
1723/tcp to the LAN address of my machine.
But that no longer works. Now this seems to be a GRE problem; tcpdump
logs this:
22:50:35.651866 IP vpn.****.*** > ***.******.org: call 18358 seq 1 gre-ppp-payload
22:50:38.645716 IP vpn.****.*** > ***.******.org: call 18358 seq 2 gre-ppp-payload
This seems to never go to my LAN machine, which is 192.168.12.150.
Here are my firewall rules (filter table is ACCEPT everywhere):
Chain PREROUTING (policy ACCEPT 793K packets, 41M bytes)
 pkts bytes target      prot opt in    out   source     destination
    0     0 DNAT        tcp  --  eth0  any   anywhere   anywhere     tcp dpt:1723 to:192.168.12.150
    0     0 DNAT        gre  --  eth0  any   anywhere   anywhere     to:192.168.12.150

Chain POSTROUTING (policy ACCEPT 3759 packets, 416K bytes)
 pkts bytes target      prot opt in    out   source     destination
 1102 64927 MASQUERADE  all  --  any   eth0  anywhere   anywhere

Chain OUTPUT (policy ACCEPT 88544 packets, 5382K bytes)
 pkts bytes target      prot opt in    out   source     destination
I tried with and without forcing GRE nat without success, as you see,
0 packets traverse the rule.
I would like to avoid recompiling the kernel and play hours with POM
to patch with a hazardous pptp nat module under 2.6, I hope some day
this will be merged with the FC kernel...
Any ideas, people? Nobody using FC3 as a gateway to connect to PPTP
servers?
Thanks for your help.
--
Yann Bizeul - yann at tynsoe.org
Please use this e-mail when writing to me.
You can visit my projects at this address :
http://projects.tynsoe.org/
(BuddyPop - GeekTool - SSH Tunnel Manager...)
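
Added example, not part of the original post: a decoder for the enhanced GRE header (RFC 2637) that PPTP uses for its data channel, showing where the "call 18358 seq 1" fields in the tcpdump lines above come from. GRE carries no ports, so the call ID is the only per-session field a NAT gateway can key on. The packet bytes and function names are constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # PPP inside enhanced GRE (RFC 2637)

# Constructed sample packets (GRE header onward, no IP header).
SAMPLE_DATA = bytes.fromhex("3001880b000447b600000001" "ff030021")  # call 18358, seq 1
SAMPLE_ACK = bytes.fromhex("2081880b000047b600000001")              # ack-only, no payload


def _u32(pkt: bytes, offset: int) -> int:
    """Read one optional 32-bit field, rejecting truncated packets."""
    if len(pkt) < offset + 4:
        raise ValueError("truncated optional field")
    return struct.unpack_from("!I", pkt, offset)[0]


def parse_pptp_gre(pkt: bytes) -> dict:
    """Decode the enhanced GRE header PPTP uses for its data channel."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags, ver, proto, payload_len, call_id = struct.unpack("!BBHHH", pkt[:8])
    if (ver & 0x07) != 1 or proto != PPTP_GRE_PROTO:
        raise ValueError("not PPTP enhanced GRE (version 1, protocol 0x880B)")
    if not (flags & 0x20):  # K bit: key field holds payload length + call ID
        raise ValueError("key bit clear, no call ID present")
    offset, seq, ack = 8, None, None
    if flags & 0x10:  # S bit: sequence number present
        seq, offset = _u32(pkt, offset), offset + 4
    if ver & 0x80:  # A bit: acknowledgment number present
        ack, offset = _u32(pkt, offset), offset + 4
    payload = pkt[offset:offset + payload_len]
    if len(payload) != payload_len:
        raise ValueError("payload shorter than declared length")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}


if __name__ == "__main__":
    for name, pkt in (("data", SAMPLE_DATA), ("ack", SAMPLE_ACK)):
        print(name, parse_pptp_gre(pkt))
```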