I thought this rule was forwarding all the packets to my windows2k machine.
iptables -t nat -A PREROUTING -s $internet -i eth0 -j DNAT --to $vpncomp
Would a specific rule work better?
Regards
High Speed <[EMAIL PROTECTED]> wrote:
You need to forward IP protocol type 47 (GRE) to your internal VPN server as well.
>From: Miky J <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: I can't vpn !
>Date: Mon, 27 May 2002 18:25:36 +0200 (CEST)
>
>
> First, thanks to everyone who helped me with the traceroute; I now
>understand much better how it works.
>Now I am trying to use VPN.
>
>
>                          Internet
>windows2k <-----------> mylinuxfirewall <-------------------------------------> remote windows station (nt4)
>
>To access the remote Windows station I use these rules:
># Allow vpn out
>iptables -A FORWARD -p tcp -s $local --sport 1024:65535 -d $internet \
>    --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
>iptables -A FORWARD -p tcp -s $internet --sport 1723 -d $local \
>    --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
>iptables -A FORWARD -s $local -d $internet \
>    -m state --state ESTABLISHED,RELATED -j ACCEPT
>iptables -A FORWARD -s $internet -d $local \
>    -m state --state ESTABLISHED -j ACCEPT
>iptables -t nat -A POSTROUTING -s $local -o eth0 -j SNAT --to $extfw
>
>and it seems to work.
>
>From the remote station (NT4) I try to VPN to my Windows 2000 machine; I use these rules:
># Allow VPN - in
>iptables -A FORWARD -p tcp -s $internet --sport 1024:65535 -d $local \
>    --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
>iptables -A FORWARD -p tcp -s $local --sport 1723 -d $internet \
>    --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
>iptables -A FORWARD -s $internet -d $local \
>    -m state --state RELATED,ESTABLISHED -j ACCEPT
>iptables -A FORWARD -s $local -d $internet \
>    -m state --state ESTABLISHED -j ACCEPT
>
>iptables -t nat -A PREROUTING -s $internet -i eth0 -j DNAT --to $vpncomp
>
>but it definitely doesn't work. I tried with tcpdump and iptraf to see if
>there were any incoming packets, but none are coming in on eth0 (external
>iface). I think NAT is working because I can telnet to port 25 of the
>Windows 2000 machine.
>I tried ACCEPT as the default policy but it doesn't work either, so I should
>conclude that it's a routing problem, but since incoming SMTP seems to be
>OK, I don't know what's wrong.
>Any ideas?
>
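Added example, not code from anyone in this thread: a rule set that does what High Speed's reply asks for (forward the PPTP control channel on TCP/1723 and the GRE tunnel, IP protocol 47, to the internal server) and also answers Miky's follow-up question by using protocol-specific DNAT rules instead of a blanket DNAT of everything arriving on eth0. The addresses (EXTFW, VPNCOMP, LOCAL) and the interface name are assumptions; the script prints the iptables commands by default (IPT defaults to "echo iptables") so it can be reviewed before being applied with IPT=iptables.

```shell
#!/bin/sh
# Added example (not from the thread): PPTP pass-through to an internal VPN
# server. PPTP needs two flows: TCP/1723 for the control channel and IP
# protocol 47 (GRE) for the tunnel. Forwarding TCP/1723 alone is the bug the
# thread is about.
#
# Hypothetical addresses (RFC 5737 / RFC 1918 ranges), assumed for the example.
EXT_IF=eth0
EXTFW=203.0.113.10          # firewall's public address (assumption)
VPNCOMP=192.168.1.20        # internal Windows 2000 VPN server (assumption)
LOCAL=192.168.1.0/24        # internal LAN (assumption)
IPT=${IPT:-echo iptables}   # dry run by default; IPT=iptables applies for real

pptp_rules() {
    # Control channel: DNAT only TCP/1723 arriving on the external interface,
    # not every packet (a bare "-j DNAT" would also steal traffic meant for
    # the firewall itself, e.g. SSH to it).
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 1723 -j DNAT --to-destination "$VPNCOMP"
    # Tunnel: GRE has no ports, so the only thing to match on is protocol 47.
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p 47 -j DNAT --to-destination "$VPNCOMP"

    # FORWARD sees the packet after DNAT, so match the internal address.
    $IPT -A FORWARD -i "$EXT_IF" -p tcp -d "$VPNCOMP" --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
    # GRE in both directions, stated explicitly rather than relying on
    # conntrack to classify a port-less protocol.
    $IPT -A FORWARD -i "$EXT_IF" -p 47 -d "$VPNCOMP" -j ACCEPT
    $IPT -A FORWARD -o "$EXT_IF" -p 47 -s "$VPNCOMP" -j ACCEPT
    # Replies and everything the LAN initiated outward.
    $IPT -A FORWARD -o "$EXT_IF" -s "$LOCAL" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Outbound source NAT for the LAN, as in the thread's POSTROUTING rule.
    $IPT -t nat -A POSTROUTING -s "$LOCAL" -o "$EXT_IF" -j SNAT --to-source "$EXTFW"
}

# Sanity check for the dry run: a PPTP rule set with no GRE (protocol 47)
# rules cannot work, whatever the TCP/1723 rules say. Expect 3 here.
gre_rule_count() {
    pptp_rules | grep -c -- '-p 47'
}

pptp_rules
```

To confirm the tunnel traffic is actually reaching and leaving the firewall once the rules are loaded, watch for protocol 47 rather than a port: `tcpdump -ni eth0 'proto gre or tcp port 1723'`. Seeing TCP/1723 but no GRE on the external interface points at the remote side or something upstream; seeing GRE arrive on eth0 but never leave on the internal interface points at the PREROUTING or FORWARD rules.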
