Hello, Mr Administrator,

> I have iptable 1.26 setup on a Redhat 8 server. This server also needs to
> function as a PPTP VPN server. It appears that PoPToP is the only reasonable
> way to accomplish that. I can get PoPToP to work but I am told that I need to
> be able to pass GRE packets.
> It looks like there is a patch to do this but requires patch-o-matic.
> Looking at the README, it looks like I run a command called runme. and then
> recompile the Kernel.
> I'm yet to go through the recompile. Anybody willing to help the
> inexperienced become experienced?

You don't need any patch-o-matic, the functionality is built into iptables
since long ago. You just need to allow in Protocol 47 (GRE) as well as TCP
port 1723 (PPTP control channel). So the following rules should do it:

  iptables -I INPUT -i <external-interface> -p tcp --dport 1723 -j ACCEPT
  iptables -I INPUT -i <external-interface> -p 47 -j ACCEPT

If you only need connections from certain IP addresses, then you can narrow
this down in order to protect your PPTP server from intruders.

By the way, if you make a custom kernel with the PPTP NAT patch, then it may
cause problems with running a PPTP server on the same machine (at least, I saw
this in one case, but I didn't build that kernel so I don't know exactly which
patch was used).

Cheers, Chris.
--
   ___ __     _
  / __// / ,__(_)_  | Chris Wilson -- UNIX Firewall Lead Developer |
 / (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
 \ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
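
One way to narrow the two rules above to specific source addresses, as the reply suggests. This is an added example, not part of the original message: the function name pptp_allow_rules and the sample addresses in the usage comment are assumptions, and it only prints the iptables commands for review rather than running them.

```shell
#!/bin/sh
# Added example: print (not run) the iptables rules for a PPTP server.
# Usage: pptp_allow_rules <external-interface> [IPv4-address-or-CIDR ...]
#   e.g. pptp_allow_rules eth0 192.0.2.10 198.51.100.0/24   (constructed values)
# Assumption: traffic not accepted here is dropped by the INPUT policy
# or by a later rule in the chain.

pptp_allow_rules() {
    iface=$1
    if [ -z "$iface" ]; then
        echo "usage: pptp_allow_rules <iface> [source ...]" >&2
        return 2
    fi
    shift

    # No sources given: the two open rules from the message above.
    if [ "$#" -eq 0 ]; then
        echo "iptables -I INPUT -i $iface -p tcp --dport 1723 -j ACCEPT"
        echo "iptables -I INPUT -i $iface -p 47 -j ACCEPT"
        return 0
    fi

    # Validate every source before printing anything, so a typo never
    # produces a half-written rule set. Only digits, dots and a single
    # slash are accepted (IPv4 address or CIDR block).
    for src in "$@"; do
        case $src in
            ''|*[!0-9./]*|*/*/*|.*|*..*)
                echo "rejected source: $src" >&2
                return 1 ;;
        esac
    done

    # One pair per source: PPTP control channel plus GRE (protocol 47).
    for src in "$@"; do
        echo "iptables -I INPUT -i $iface -s $src -p tcp --dport 1723 -j ACCEPT"
        echo "iptables -I INPUT -i $iface -s $src -p 47 -j ACCEPT"
    done
}
```

Both rules are needed for each source, because a client that can reach TCP 1723 but whose GRE packets are not accepted will negotiate the control channel and then pass no tunnel traffic.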