You will need this if you have a PPTP server (I'm guessing Windows) behind iptables:

# pass packets on port 1723 straight through to vpn server
$IPTABLES -A FORWARD -p TCP -s 0/0 --dport 1723 -j ACCEPT

# also need to pass GRE
$IPTABLES -A FORWARD -p 47 -s 0/0 -j ACCEPT

# pre-routing stuff
$IPTABLES -t nat -A PREROUTING -p 47 -i $INET_IFACE -j DNAT --to 192.168.100.7  # (your server ip)

HTH! :D

----- Original Message -----
From: "Johnoel Ancheta" <johnoel@xxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, June 25, 2003 11:15 AM
Subject: RE: PPTP server behind firewall

> > Have you used the pptp connection tracking modules? Are they loaded?
> >
>
> Compiled the kernel with GRE and PPTP support
> built in, no modules.
>
> I am building a floppy router. It works except for the VPN
> support. I've had this working before using Brian Kuschak
> pptp kernel patches a long time ago. Since then I lost my notes.
>
> What are some minimum rules that would completely open up the firewall
> and forward port 1723 and IP 47 to the internal private VPN server?
>
> I am going to try
>
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD MASQ
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1723 -j DNAT --to-destination 192.168.0.200:1723
> iptables -t nat -A PREROUTING -i eth0 -p 47 -j DNAT --to-destination 192.168.0.200
>
> Any advice would be appreciated,
> johnoel@xxxxxxxxxx
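
Added example, not part of either message above: a shell script that emits a rule set for the setup discussed in this thread, sending both PPTP channels (TCP 1723 and GRE, IP protocol 47) to one internal server and limiting the FORWARD rules to that server's address. The helper names, the APPLY and VPN_SERVER variables and the eth0 default are assumptions; the commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: publish one PPTP server behind an iptables NAT firewall.
# Dry run by default (prints the commands); APPLY=1 executes them as root.
IPTABLES=${IPTABLES:-iptables}

# Accept only dotted-quad IPv4 addresses with octets in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule, or run it when APPLY=1.
rule() {
    if [ "${APPLY:-0}" = 1 ]; then "$IPTABLES" "$@"; else echo "$IPTABLES $*"; fi
}

# pptp_rules <internet-facing interface> <internal VPN server address>
pptp_rules() {
    inet_if=$1
    server=$2
    [ -n "$inet_if" ] || { echo "missing interface" >&2; return 1; }
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }

    # Control channel: TCP 1723 arriving on the outside interface.
    rule -t nat -A PREROUTING -i "$inet_if" -p tcp --dport 1723 -j DNAT --to-destination "$server:1723"
    # Data channel: GRE (IP protocol 47) has no ports, so DNAT by protocol.
    rule -t nat -A PREROUTING -i "$inet_if" -p 47 -j DNAT --to-destination "$server"

    # Forward both channels to the VPN server only, not to every internal host.
    rule -A FORWARD -i "$inet_if" -d "$server" -p tcp --dport 1723 -j ACCEPT
    rule -A FORWARD -i "$inet_if" -d "$server" -p 47 -j ACCEPT
    # Let replies for already-tracked connections back through.
    rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Defaults are placeholders; 192.168.100.7 is the server address used in the reply.
pptp_rules "${INET_IFACE:-eth0}" "${VPN_SERVER:-192.168.100.7}"
```

With a single public address, GRE carries no port numbers, so only one internal PPTP server can be published this way.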