PPTP also uses IP protocol 47, so use something like:

iptables -t nat -A PREROUTING -d $EXTERNALIP -p 47 -j DNAT --to 192.168.1.150

I know there was a conntrack module, and I am not sure if that was only for SNAT or if it did DNAT as well.

-----Original Message-----
From: Remus [mailto:rmocius@xxxxxxxxxxxxxx]
Sent: Tuesday, March 25, 2003 5:09 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Microsoft PPTP VPN server behind FIREWALL

Hi folks,

I am running the Microsoft PPTP VPN server behind my Firewall with MASQ. I tried to use this command to make a forward to the internal IP address:

iptables -t nat -A PREROUTING -d $EXTERNALIP -p tcp --dport 1723 -j DNAT --to 192.168.1.150:1723

But it doesn't work, I mean I cannot connect to my VPN server from outside.

Any ideas or issues?

Thank you in advance for the help. :-)

Remus
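
Added example, not part of the original thread: PPTP forwarding needs both the TCP 1723 control channel and IP protocol 47 (GRE), so this script reads `iptables-save -t nat` output and reports which of the two PREROUTING DNAT rules is missing. The function name pptp_dnat_missing and the external address 203.0.113.10 are assumptions made for the example; it expects the usual iptables-save rendering (--to-destination, /32 masks, protocol 47 shown as "gre" or "47").

```shell
#!/bin/sh
# Added example: verify both halves of a PPTP DNAT in iptables-save output.
# Addresses and rule dumps below are constructed sample values.

# pptp_dnat_missing EXT_IP INT_IP   (iptables-save -t nat text on stdin)
# Prints "control" and/or "gre" for each missing PREROUTING DNAT rule;
# prints nothing when both rules are present.
pptp_dnat_missing() {
    awk -v ext="$1" -v inner="$2" '
        # Return the value following option `opt` in the current rule, or "".
        function arg(opt,   i) {
            for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
            return ""
        }
        $1 == "-A" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
            dst = arg("-d"); sub(/\/32$/, "", dst)
            if (dst != ext) next
            to = arg("--to-destination"); if (to == "") to = arg("--to")
            proto = arg("-p")
            # TCP 1723 carries the PPTP control connection.
            if (proto == "tcp" && arg("--dport") == "1723" &&
                (to == inner || to == (inner ":1723"))) control = 1
            # IP protocol 47 (GRE) carries the tunnelled data.
            if ((proto == "gre" || proto == "47") && to == inner) gre = 1
        }
        END {
            if (!control) print "control"
            if (!gre) print "gre"
        }'
}

# Constructed sample: only the control channel is forwarded, as in the question.
SAMPLE_TCP_ONLY='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.150:1723
COMMIT'

# Constructed sample: control channel plus the protocol 47 rule from the reply.
SAMPLE_BOTH='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.150:1723
-A PREROUTING -d 203.0.113.10/32 -p gre -j DNAT --to-destination 192.168.1.150
COMMIT'

printf '%s\n' "$SAMPLE_TCP_ONLY" | pptp_dnat_missing 203.0.113.10 192.168.1.150
```

On a live gateway the same function can be fed from `iptables-save -t nat` directly.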