iptables and pptp server problem

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Wed Jul 28 18:42:57 UTC 2004


On Wed, 28.07.2004 at 19:24, Trevor wrote:

You "hijacked" a foreign thread, which means your posting now appears as a
reply to "Re: Convert CDIR notation to IP range", which it isn't. So
please do not press reply on an existing list article when you want to
start a new topic. This is because the mail now contains referencing
header tags.

> I have a PPTP server inside (green) a network.  The old firewall was
> ipchains-based, and now it's iptables.  I can't seem to figure out how to
> route GRE (protocol 47) and 1723 so that it works.
> 
> I used ipfwd [http://catfish.csail.mit.edu/~cananian/Projects/IPfwd/] on the
> ipchains side and that worked, but it doesn't work anymore on the 2.4
> kernel.

Port forwarding is now directly integrated into iptables.

> Internet -> 2.4/iptables firewall (204.xxx.xx.xx/192.168.0.x) -> PPTP VPN
> Server (192.168.0.x)
> 
> I've tried adding these lines to my firewall script:

The script is taken from

http://martybugs.net/smoothwall/vpn.cgi

which is for Smoothwall.

> With no success.  I suspect that it could be the mppe-ppp modules causing
> problems.  I'm sure that TCP/port 1723 is forwarding properly... but that's
> all I see when I do an "iptstate" when trying to connect.

Do you have Smoothwall installed, or do you have any other iptables rules
active which may block before your VPN rules are reached? Is your host
directly connected to the net through eth1?

> Trev.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp 
Serendipity 20:37:43 up 2 days, 5:44, load average: 1.07, 1.14, 1.15 
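
PPTP needs both flows named in the question, TCP 1723 and GRE (protocol 47), to reach the inside server. The following is an added example, not part of the original post or of any script it refers to: a POSIX shell/awk check that reads `iptables-save` output and reports which DNAT or FORWARD rule for either flow is missing or sits behind a match-free DROP/REJECT. The address 10.0.0.10 and the sample ruleset are constructed, and only explicit per-protocol rules are recognised.

```shell
#!/bin/sh
# Added example: audit iptables-save text for the PPTP forwards (TCP 1723 + GRE).
# Reads a ruleset on stdin; prints "ok" or one "missing: ..." line per gap.
check_pptp_forward() {
    awk '
    /^\*/ { table = substr($0, 2); next }             # table header, e.g. "*nat"
    table == "filter" && /^:FORWARD / { policy = $2; next }
    /^-A / {
        proto = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        ctl = (proto == "tcp" && dport == "1723")      # PPTP control channel
        gre = (proto == "gre" || proto == "47")        # tunnel data, IP protocol 47
        if (table == "nat" && $2 == "PREROUTING" && target == "DNAT") {
            if (ctl) dnat_ctl = 1
            if (gre) dnat_gre = 1
        }
        if (table == "filter" && $2 == "FORWARD") {
            # A match-free DROP/REJECT hides every rule that follows it.
            if ($3 == "-j" && (target == "DROP" || target == "REJECT")) shadow = 1
            if (target == "ACCEPT" && !shadow) {
                if (ctl) fwd_ctl = 1
                if (gre) fwd_gre = 1
            }
        }
    }
    END {
        if (policy == "ACCEPT" && !shadow) { fwd_ctl = 1; fwd_gre = 1 }
        if (!dnat_ctl) { print "missing: DNAT tcp/1723"; bad = 1 }
        if (!dnat_gre) { print "missing: DNAT gre"; bad = 1 }
        if (!fwd_ctl)  { print "missing: FORWARD ACCEPT tcp/1723"; bad = 1 }
        if (!fwd_gre)  { print "missing: FORWARD ACCEPT gre"; bad = 1 }
        if (!bad) print "ok"
        exit bad + 0
    }'
}

# Constructed ruleset: the control channel is forwarded, GRE is not.
sample_tcp_only() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 10.0.0.10
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 10.0.0.10/32 -p tcp -m tcp --dport 1723 -j ACCEPT
EOF
}
sample_tcp_only | check_pptp_forward || true
```

On a live firewall the input would come from `iptables-save | check_pptp_forward`; the function exits non-zero when anything is missing.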