Server on firewall as well as client NATed behind it

OK, here's the situation:

The firewall is running pptpd, and so needs INPUT chain rules to accept TCP port 1723 and GRE packets.
A client behind the firewall initiates an outbound PPTP session to a remote PPTP server, which the firewall masquerades.

The client PPTP session fails because the inbound GRE packets from the remote PPTP server are seen by the INPUT rule that's there for the local PPTP server, and so presumably never get to the nat table or any stateful inspection that would route them back to the NATed client.
Removing the INPUT rules allows the NATed PPTP client to establish a connection to the remote server fine.

Is there any way to have a ruleset that will allow the local PPTP server on the firewall to co-exist with NATed PPTP clients behind it?

Any help greatly appreciated.

Regards,

Dennis
---
Dennis Mills,   Director,   Track Right Technology Pty Ltd
Phone: +61 3 9533 0200,   Fax: +61 3 9533 0211,   Mobile: +61 414 303 429
Email: Dennis.Mills@xxxxxxxxxxxxxxxxx
Web: http://www.TrackRight.com.au
A member of CRCinabox: http://www.crcinabox.org
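The ruleset below is an added example for the setup described above; it is not from the original post or from the netfilter project. It relies on the PPTP connection-tracking and NAT helpers (nf_conntrack_pptp / nf_nat_pptp, or ip_conntrack_pptp / ip_nat_pptp on older kernels): the helper ties each GRE call to the TCP/1723 control connection that negotiated it, so return GRE for a NATed client is de-NATed in PREROUTING, before the routing decision, and traverses FORWARD as RELATED, while GRE addressed to the local pptpd still arrives in INPUT. The interface names (eth0 WAN, eth1 LAN), the LAN subnet and the shell variables are assumptions chosen for illustration. One caveat a practitioner will want: since Linux 4.7 conntrack helpers are no longer auto-assigned, so the raw-table CT rules that pin the pptp helper to port 1723 are required, not optional.

```shell
#!/bin/sh
# Added example, not code from the original post: iptables ruleset letting a
# PPTP server on the firewall coexist with PPTP clients NATed behind it.
# Assumed (hypothetical) names: WAN eth0, LAN eth1, LAN subnet 192.168.1.0/24.
# Set IPT=echo (and MODPROBE=:) to print the rules instead of applying them.
set -eu
IPT="${IPT:-iptables}"
MODPROBE="${MODPROBE:-modprobe}"
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

load_pptp_helpers() {
    # Conntrack + NAT helpers for PPTP; newer module names first, old as fallback.
    $MODPROBE nf_conntrack_pptp 2>/dev/null || $MODPROBE ip_conntrack_pptp
    $MODPROBE nf_nat_pptp 2>/dev/null || $MODPROBE ip_nat_pptp
}

apply_pptp_rules() {
    # Pin the pptp helper to control connections in both directions
    # (inbound to the local pptpd, outbound from the NATed clients).
    $IPT -t raw -A PREROUTING -p tcp --dport 1723 -j CT --helper pptp
    $IPT -t raw -A OUTPUT     -p tcp --dport 1723 -j CT --helper pptp

    # Stateful rules come first: GRE for a tracked control connection is
    # RELATED, and every later packet of that call is ESTABLISHED.
    $IPT -A INPUT   -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # Local pptpd: control connection and GRE from the Internet to the firewall.
    $IPT -A INPUT -i "$WAN" -p tcp --dport 1723 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -i "$WAN" -p gre -j ACCEPT

    # NATed clients: LAN may open control connections and send GRE outbound;
    # return GRE is matched by the FORWARD RELATED,ESTABLISHED rule above.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p tcp --dport 1723 \
         -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p gre -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # Default deny for anything else arriving from the WAN side.
    $IPT -A INPUT   -i "$WAN" -j DROP
    $IPT -A FORWARD -i "$WAN" -j DROP
}

# Apply only when invoked as "sh script.sh apply"; sourcing just defines the functions.
if [ "${1:-}" = "apply" ]; then
    load_pptp_helpers
    apply_pptp_rules
fi
```

Rule order matters: the RELATED,ESTABLISHED rules must precede the pptpd-specific accepts, otherwise the GRE accept in INPUT is evaluated first for packets that would anyway only be local. Check that the helper actually attaches with `cat /proc/net/nf_conntrack | grep pptp` (or `conntrack -L`) while a client session is up; if no GRE entries appear alongside the TCP/1723 entry, the helper is not loaded or not assigned.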
