First, thanks to everyone who helped me with the traceroute; I now understand much more about how it works.
Now I am trying to use VPN.
                                        Internet
windows2k <----------->mylinuxfirewall<------------------------------------------------->remote windows station(nt4)
To access the remote Windows station I use these rules:
# Allow vpn out
iptables -A FORWARD -p tcp -s $local --sport 1024:65535 -d $internet --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $internet --sport 1723 -d $local --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $local -d $internet -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $internet -d $local -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $local -o eth0 -j SNAT --to $extfw
and it seems that it works.
From the remote station (NT4) I try to VPN to my windows2k; I use these rules:
# Allow VPN - in
iptables -A FORWARD -p tcp -s $internet --sport 1024:65535 -d $local --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $local --sport 1723 -d $internet --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $internet -d $local -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $local -d $internet -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -s $internet -i eth0 -j DNAT --to $vpncomp
but it definitely doesn't work. I tried with tcpdump and iptraf to see if there were any incoming packets, but there aren't any coming in on eth0 (external iface). I think NAT is working because I can telnet to port 25 of the windows2k machine.
I tried ACCEPT as a default policy but it doesn't work either, so I should conclude that it's a routing problem, but since incoming SMTP seems to be OK, I don't know what's wrong.
Any ideas?
