Jan: Actually, I need the SNAT rule to make my remote users look like they are coming from the local network. For some reason, the Linksys does not respond to the connection unless I have that. Thanks, Neil -- Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com FREE! Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details. -----Original Message----- From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jan Engelhardt Sent: Tuesday, May 29, 2007 1:13 PM To: Neil Aggarwal Cc: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Re: NAT rules for VPN only allowing one user? On May 29 2007 12:31, Neil Aggarwal wrote: >/sbin/iptables -t nat -A POSTROUTING -o eth1 > -d $LINKSYS_VPN_IP -p tcp --dport 1723 > -j SNAT --to-source $ETH1_IP This is redundant. >Either one of my remote users can connect to the VPN using >the Windows XP VPN client. But, if one of them is connected >and the other tries to connect, the second person gets to >the verifying username and password screen and then >gets an Error 619 that they are not able to connect. > >I think somehow the existing connection is mis-routing >the login for the second connection. > >Any ideas what could be going on? Use the holy tcpdump. Jan --
