PPTP modules are included in FC3. You just need to load them.

Do realize, however, that PPTP/GRE connections are NOT considered safe. So it might be better to implement IPSEC, which only uses a single UDP port, but is a lot harder to set up in Windows.

For PPTP/GRE to work you need to add two rules: 1 for the PPTP connection (TCP port 1723) and 1 for the GRE protocol (IP proto 47).

If you want your machine to connect to a PPTP server on the Internet, allow PPTP OUTBOUND towards that server and GRE INBOUND from that server.
If you want a client on the Internet to connect to your PPTP server, allow both PPTP and GRE INBOUND to your server.

When you search the Internet, better include GRE in your search.

-Sietse

________________________________

From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Rob Sterenborg
Sent: Tue 23-May-06 10:24
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Configuring netfilter for pptp connections

On Tue, May 23, 2006 01:30, Harold Pritchett wrote:
> Sorry if this is a FAQ. Searching the archives is very
> difficult.
>
> I have a small LAN, connected to the Internet via a Red
> Hat Fedora Core 3 firewall running netfilter. I would like
> to run the Microsoft VPN software on a Windows machine on this network and
> connect to a VPN server located on the Internet side of the firewall. The
> Windows server uses NAT to connect to the Internet.
>
> I configured the VPN client while it was directly on the
> Internet, and it works fine. When I try to connect from
> behind the firewall it fails to connect.
>
> Searching for help on the Internet has not been very
> productive. Everything I can find on the net is very old. Linux kernels 2.2
> and 2.4. I'm currently running 2.6.12 with iptables 1.2.11.

From this I take it that the PPTP server is not behind a NAT situation.
You need to allow both port 1723/tcp and the GRE protocol (proto 47).
You also may need to compile additional Netfilter PPTP modules if they are not included with your FC3 kernel.

Gr, Rob
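
The rules described in this thread, as an added example that is not part of either poster's message: a shell function that prints the iptables commands for a forwarding firewall, for either direction of the PPTP connection. The interface names, the function name, the sample address and the helper module names are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for PPTP through a
# forwarding netfilter firewall. Review the output, then pipe it to sh as root.
# Example with a constructed address: pptp_rules client 203.0.113.10
LAN_IF="${LAN_IF:-eth1}"   # assumed LAN-side interface
WAN_IF="${WAN_IF:-eth0}"   # assumed Internet-side interface

# pptp_rules ROLE SERVER_IP   (hypothetical helper, not from the thread)
#   client: LAN machines connect out to the PPTP server at SERVER_IP
#   server: Internet clients connect in to our PPTP server at SERVER_IP
pptp_rules() {
    role="$1"; server="$2"
    # Accept only digits and dots so no stray text ends up inside a rule.
    case "$server" in
        ''|*[!0-9.]*) echo "pptp_rules: bad server address" >&2; return 2 ;;
    esac
    case "$role" in
        client) to_srv="-i $LAN_IF -o $WAN_IF"; from_srv="-i $WAN_IF -o $LAN_IF" ;;
        server) to_srv="-i $WAN_IF -o $LAN_IF"; from_srv="-i $LAN_IF -o $WAN_IF" ;;
        *) echo "pptp_rules: role must be client or server" >&2; return 2 ;;
    esac
    # Helper modules: names assumed for 2.6-era kernels, the thread does not
    # name them. The client role sits behind NAT, so it also gets the NAT helper.
    echo "modprobe ip_conntrack_pptp"
    if [ "$role" = client ]; then
        echo "modprobe ip_nat_pptp"
    fi
    # Control channel: TCP 1723 towards the server, and its replies back.
    echo "iptables -A FORWARD $to_srv -p tcp -d $server --dport 1723 -j ACCEPT"
    echo "iptables -A FORWARD $from_srv -p tcp -s $server --sport 1723 -m state --state ESTABLISHED -j ACCEPT"
    # Tunnel data: GRE is IP protocol 47, has no ports, and flows both ways.
    echo "iptables -A FORWARD $to_srv -p 47 -d $server -j ACCEPT"
    echo "iptables -A FORWARD $from_srv -p 47 -s $server -j ACCEPT"
}
```

If the PPTP server runs on the firewall itself rather than behind it, the same matches belong in the INPUT and OUTPUT chains instead of FORWARD.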