  1. #1
    Just Joined!
    Join Date
    Mar 2007
    Posts
    1

    PPTP Forwarding

    Ok, I'm very "green" with Linux but have decided to go with Debian because I love all the tools it comes with. Recently I installed one as a router behind a Cisco Pix. I have everything set up to forward all port 1723 and protocol 47 traffic to my Windows server for a VPN connection. Below is my script that runs at startup, but when we try and connect, it just hangs at "verifying username and password." Using tcpdump I am getting nothing in the logs for the GRE protocol forward.

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 1723 -j DNAT --to 192.168.$
    iptables -A PREROUTING -t nat -p gre -i eth0 -j DNAT --to-destination 192.168.4$

    iptables -A eth1-in --protocol 47 -i eth1 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth1 --protocol 47 -j DNAT --to 192.168.40.249

    I have done some research and found tools like ipfwd and pptpconfig, but it's all really confusing to me. Everything is done at a command prompt. Would it be easier to go through KDE instead? Any help would be amazing. Thanks in advance.

  2. #2
    Just Joined!
    Join Date
    Sep 2008
    Posts
    3
    Hey,

    Try out these rules:

    iptables -t nat -I PREROUTING -p 47 -s $SOURCE-IP -d $PUBLIC-IP-OF-GATEWAY -j DNAT --to $INTERNAL-VPN-SERVER
    iptables -I FORWARD -p 47 -d $INTERNAL-VPN-SERVER -j ACCEPT
    iptables -t nat -I POSTROUTING -p 47 -d $INTERNAL-VPN-SERVER -j MASQUERADE

    What those three rules do is do a port forward for protocol 47. Note that you do not need the -s $SOURCE-IP section, it can be deleted.

    iptables -t nat -I PREROUTING -p tcp -d $PUBLIC-IP-OF-GATEWAY --dport 1723 -j DNAT --to $INTERNAL-VPN-SERVER:1723
    iptables -I FORWARD -p tcp -d $INTERNAL-VPN-SERVER --dport 1723 -j ACCEPT
    iptables -t nat -I POSTROUTING -p tcp -d $INTERNAL-VPN-SERVER --dport 1723 -j MASQUERADE

    Those rules port forward port 1723 to the local machine.

    iptables -I FORWARD -p 47 -j ACCEPT
    iptables -t nat -I POSTROUTING -p 47 -j MASQUERADE
    iptables -I FORWARD -p tcp -s $INTERNAL-VPN-SERVER -j ACCEPT
    iptables -t nat -I POSTROUTING -p tcp -s $INTERNAL-VPN-SERVER -j MASQUERADE


    Regards,
    Ashwin.
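
Added example, not part of either post above: a small check that reads `iptables-save` output and reports whether both halves of the PPTP forward discussed in this thread (TCP 1723 and GRE, protocol 47) are present and point at the same internal host. The function names and the public address 203.0.113.10 are assumptions made for illustration; 192.168.40.249 is the server address from the first post.

```shell
#!/bin/sh
# Added example. Reads `iptables-save` output on stdin and checks for a nat
# PREROUTING DNAT and an explicit filter FORWARD ACCEPT for both tcp/1723
# (control) and GRE, protocol 47 (data). A FORWARD policy of ACCEPT is ignored.
check_pptp_forward() {
    awk '
    function arg(opt,   i) {   # value following option "opt" in this rule
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2); next }   # "*nat", "*filter", ...
    $1 != "-A" { next }
    {
        proto = arg("-p"); target = arg("-j")
        dest = arg("--to-destination"); sub(/:.*/, "", dest)   # drop :port
        is_gre = (proto == "gre" || proto == "47")
        is_ctl = (proto == "tcp" && arg("--dport") == "1723")
        if (table == "nat" && $2 == "PREROUTING" && target == "DNAT") {
            if (is_ctl) ctl = dest
            if (is_gre) gre = dest
        }
        if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT") {
            if (is_ctl) fwd_ctl = 1
            if (is_gre) fwd_gre = 1
        }
    }
    END {
        if (ctl == "") { print "MISSING nat DNAT tcp/1723"; bad = 1 }
        if (gre == "") { print "MISSING nat DNAT gre"; bad = 1 }
        if (ctl != "" && gre != "" && ctl != gre) { print "MISMATCH tcp/1723->" ctl " gre->" gre; bad = 1 }
        if (!fwd_ctl) { print "MISSING FORWARD ACCEPT tcp/1723"; bad = 1 }
        if (!fwd_gre) { print "MISSING FORWARD ACCEPT gre"; bad = 1 }
        if (!bad) print "OK both channels -> " ctl
        exit bad + 0
    }'
}
# Constructed sample (203.0.113.10 is a placeholder public IP): GRE is missing.
sample_dump() {
    cat <<'EOF'
*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.40.249:1723
COMMIT
*filter
-A FORWARD -d 192.168.40.249/32 -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
EOF
}
sample_dump | check_pptp_forward || true
```

On a live router the same function can be fed with `iptables-save | check_pptp_forward` (run as root).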
