On Tuesday 28 May 2002 10:27 am, Miky J wrote: > I thought this rule was forwarding all the packets to my windows2k machine. > > iptables -t nat -A PREROUTING -s $internet -i eth0 -j DNAT --to > $vpncomp
This is a PREROUTING rule, not a FORWARDING rule. You need to make sure you are FORWARDING protocol 47 (GRE) through your firewall. This is not port 47, this is not TCP, this is not UDP, this is a different *protocol* number. You want something like: iptables -A FORWARD -p 47 -j ACCEPT (You might want to specify some interfaces, or some IP addresses as well, but it's the -p 47 which is the important bit). Antony.
