* Jason Opperisano <opie@xxxxxxxxxxx> [041015 11:15]:
> yes--if you are performing SNAT/MASQ for your entire internal network
> on your gateway, it won't work. there is a PPTP conntrack and nat module
> in POM for this situation, but it will only compile against a 2.4 kernel.

Yes, I am performing MASQ for entire network. Is there no way I can get
it to work against 2.6 series? I will have a lot of trouble downgrading
the kernel. It is a live server.

> one option would be to give the PPTP client a dedicated public IP and
> perform a one-to-one SNAT/DNAT for that client and allow TCP 1723 and
> IP protocol 47 outbound from that client and IP protocol 47 inbound to
> that client from the PPTP server.

Can you please give an example of this to be on safe side? Is this
something like,

* I add eth0:1 on Linux box and give it a public IP.
* redirect all traffic to that IP from outside to the client having pptp
  client?

Will something like below help,

iptables -A PREROUTING -d <ext ip> -p tcp -m tcp --dport 47 -j DNAT --to-destination 192.168.10.99
iptables -A PREROUTING -d <ext ip> -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.10.99

Respects,
Shantanu
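The one-to-one NAT described in the quoted reply, as an added example that is not part of the original message or of either poster's configuration. It prints the rules for review instead of applying them; GRE is matched as IP protocol 47 (`-p 47`), and the NAT rules go in the `nat` table. The interface `eth0`, the public IP `203.0.113.10` and the PPTP server `198.51.100.20` are constructed placeholders; only the client address `192.168.10.99` comes from the message.

```shell
#!/bin/sh
# Added example: emit (do not execute) iptables rules that give one PPTP
# client a dedicated public IP on a gateway that masquerades everyone else.
# Review the output, then pipe it to "sh" as root to apply it.

pptp_nat_rules() {
    if [ $# -ne 4 ]; then
        echo "usage: pptp_nat_rules EXT_IF PUBLIC_IP CLIENT_IP SERVER_IP" >&2
        return 2
    fi
    ext_if=$1 pub_ip=$2 client=$3 server=$4
    cat <<EOF
# Bind the dedicated public address to the external interface.
ip addr add $pub_ip/32 dev $ext_if
# SNAT the client to its own address; inserted at position 1 so it is
# evaluated before the network-wide MASQUERADE rule.
iptables -t nat -I POSTROUTING 1 -o $ext_if -s $client -j SNAT --to-source $pub_ip
# Inbound GRE (IP protocol 47) from the PPTP server goes to the client.
# Replies on TCP 1723 are translated back by connection tracking.
iptables -t nat -A PREROUTING -i $ext_if -s $server -d $pub_ip -p 47 -j DNAT --to-destination $client
# Filter: control channel and GRE outbound from the client only.
iptables -A FORWARD -o $ext_if -s $client -d $server -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -o $ext_if -s $client -d $server -p 47 -j ACCEPT
# Filter: GRE and control-channel replies inbound from the server only.
iptables -A FORWARD -i $ext_if -s $server -d $client -p 47 -j ACCEPT
iptables -A FORWARD -i $ext_if -s $server -d $client -p tcp --sport 1723 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample values (documentation address ranges), except the
# client IP, which is the one used in the message above.
pptp_nat_rules eth0 203.0.113.10 192.168.10.99 198.51.100.20
```

The `-A FORWARD` lines assume no earlier rule in that chain already drops the traffic; on a chain that ends in a DROP or REJECT rule they need to be inserted above it.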