Hi. My site configuration is as follows: LAN ---> RHL 7.3 FW ---> ADSL router ---> Internet. I currently have a VPN server running inside the network. When I dial into my LAN, I get as far as verifying user name & password, to which "Error 721" comes up (I'm dialing in from home). Previously this worked when the Red Hat firewall was not in place, so I know that it's definitely something to do with my IPTABLES configuration. So, basically I need a request on ports 50, 51, 500 etc. to hit my firewall (note: both eth1 & eth0 are on different subnets), then be forwarded to my VPN server (192.168.). Any help would be greatly appreciated. My iptables config is as follows:



Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
bad_packets all -- anywhere anywhere
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere 192.168.0.255
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
tcp_inbound tcp -- anywhere anywhere
udp_inbound udp -- anywhere anywhere
icmp_packets icmp -- anywhere anywhere
DROP all -- anywhere 255.255.255.255
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `INPUT packet died: '

Chain FORWARD (policy DROP)
target prot opt source destination
bad_packets all -- anywhere anywhere
tcp_outbound tcp -- anywhere anywhere
udp_outbound udp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.0.73 udp dpt:isakmp
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:isakmp
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:re-mail-ck
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:51
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:1723
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:47
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `FORWARD packet died: '

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP icmp -- anywhere anywhere state INVALID
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.0.130 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `OUTPUT packet died: '

Chain bad_packets (2 references)
target prot opt source destination
LOG all -- anywhere anywhere state INVALID LOG level warning prefix `Invalid packet: '
DROP all -- anywhere anywhere state INVALID
bad_tcp_packets tcp -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain bad_tcp_packets (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn: '
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
RETURN tcp -- anywhere anywhere

Chain icmp_packets (1 references)
target prot opt source destination
LOG icmp -f anywhere anywhere LOG level warning prefix `ICMP Fragment: '
DROP icmp -f anywhere anywhere
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
RETURN icmp -- anywhere anywhere

Chain tcp_inbound (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
RETURN tcp -- anywhere anywhere

Chain tcp_outbound (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:irc reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nntp reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:5190 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:4443 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:1863 reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere

Chain udp_inbound (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
RETURN udp -- anywhere anywhere

Chain udp_outbound (1 references)
target prot opt source destination
REJECT udp -- anywhere anywhere udp dpt:4000 reject-with icmp-port-unreachable
ACCEPT udp -- anywhere anywhere