Ran into this problem recently (search the archives about 1-2 weeks back). Drop ip_nat_* from the load unless you are routing those protocols to an internally NAT'd VPN server. Since your firewall is your VPN you do not need to route those.

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of A. Sayler
> Sent: Saturday, December 04, 2004 4:30 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: PPTP Server and PPTP clients on a firewalled gateway
>
> Hi,
>
> If anybody might have some insight into this problem I would certainly appreciate it.
>
> I have multiple wireless clients that need access to outside corporate VPN servers through my system. I also have a PPTP server listening on the local gateway host for other users to connect to our internal network from outside.
>
> I have a 2-NIC system.
>
> I have an internal interface of WLAN0 and the external interface of ETH0.
>
> I have made sure to load the following modules...
> ip_conntrack_proto_gre
> ip_conntrack_pptp
> ip_nat_pptp
> ip_nat_proto_gre
>
> I have added the following commands to the rest of my firewall rules:
>
> iptables -I INPUT -p 47 -j ACCEPT
> iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
>
> iptables -I OUTPUT -p 47 -j ACCEPT
> iptables -I OUTPUT -p tcp --dport 1723 -j ACCEPT
>
> iptables -I FORWARD -p 47 -j ACCEPT
> iptables -I FORWARD -p tcp --dport 1723 -j ACCEPT
>
> iptables -I FILTER -p 47 -j ACCEPT
> iptables -I FILTER -p tcp --dport 1723 -j ACCEPT
>
> I'm masquerading all connections out.
>
> Currently the clients can get out and connect properly, but the outside clients trying to connect to our local system via the PPTP server on the gateway box cannot get a connection.
>
> I think it has something to do with how I'm routing the connection to the local host, but I'm not sure what I need to change. Or is this even possible?
>
> Any thoughts?
>
> Thanks,
> Adam
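The following is an added example, not code from either message above or from the netfilter project: a rule set for the layout Adam describes (eth0 outside, wlan0 inside, PPTP server on the gateway, wireless clients masqueraded out to outside PPTP servers) written the way the reply suggests, with only the conntrack helpers loaded and ip_nat_pptp / ip_nat_proto_gre left out. Two things differ from the posted rules on purpose: the INPUT rules are bound to the external interface instead of accepting GRE and TCP/1723 from any interface, and the two `iptables -I FILTER` lines are dropped, because the filter table has no built-in chain called FILTER (its chains are INPUT, FORWARD and OUTPUT) and those commands would fail. The interface names, the `run` wrapper and `DRY_RUN` are assumptions made for this example; it prints the commands by default and only executes them, as root, with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example (not from the original thread or the netfilter project).
# Interface names, DRY_RUN and the run() wrapper are assumptions for this
# example. Defaults print the commands; set DRY_RUN=0 to execute as root.

EXT_IF="${EXT_IF:-eth0}"    # external interface named in the post
INT_IF="${INT_IF:-wlan0}"   # internal wireless interface named in the post
DRY_RUN="${DRY_RUN:-1}"     # 1 = print each command, 0 = execute it

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Load only the connection-tracking side of PPTP support. The conntrack
# helper follows the TCP/1723 control channel and marks the GRE (protocol 47)
# call it negotiates as RELATED, which the state matches below rely on.
# ip_nat_pptp and ip_nat_proto_gre are intentionally not loaded, per the reply.
pptp_modules() {
    run modprobe ip_conntrack_proto_gre
    run modprobe ip_conntrack_pptp
}

pptp_rules() {
    # Local PPTP server: accept the control channel and its GRE call only on
    # the external interface, rather than on every interface as posted.
    run iptables -A INPUT -i "$EXT_IF" -p tcp --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A INPUT -i "$EXT_IF" -p 47 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Replies from the local server (source port 1723) and its GRE traffic.
    run iptables -A OUTPUT -o "$EXT_IF" -p tcp --sport 1723 -m state --state ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -o "$EXT_IF" -p 47 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Wireless clients reaching outside PPTP servers: new control connections
    # out, GRE only once the helper has tied it to a tracked control channel,
    # and return traffic only for tracked connections.
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -p tcp --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -p 47 -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Masquerade everything leaving the external interface, as in the post.
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
}

# Dry-run sanity check: how many emitted rules contain a given token
# (for example, that nothing targets a chain that does not exist).
count_rules_matching() {
    pptp_rules | grep -c -- "$1" || true
}

pptp_modules
pptp_rules
```

Run it once with the default `DRY_RUN=1` and read the output before running it for real; `count_rules_matching FILTER` should report 0 and `count_rules_matching MASQUERADE` should report 1. With the NAT helpers absent, GRE from the wireless clients is still masqueraded, but only its IP addresses are rewritten; the thread does not settle whether several clients talking to the same outside PPTP server at once still work that way, so test that case before relying on it.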