----- Original Message -----
From: "Narti Kitiyakara" <Nkitiyakara@xxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, June 30, 2004 8:27 PM
Subject: Microsoft VPN

We're having trouble accessing our Microsoft VPN server through an iptables firewall. The first person to connect gets in fine, but we can't make concurrent VPN connections.

We used guarddog and guidedog to set up most of the firewall, but guidedog doesn't know how to DNAT based on IP protocol, so we added an initialization script to run level 5 (below) to DNAT based on protocol. As I said, we're just perplexed as to why this would work for one user but not additional users. Any help will be greatly appreciated.

/sbin/iptables -t nat -A ftolocal -p gre -j DNAT --to-destination 1.2.3.4
/sbin/iptables -t mangle -A ftolocal -p gre -j MARK --set-mark 1
/sbin/iptables -t nat -I PREROUTING 1 -p gre -j gforward

- narti

Have you tried to use SNAT to do a direct translation to the MS