iptables and gre forwarding for pptp/vpn

iptables and gre forwarding for pptp/vpn

Post by Andrew Mille » Tue, 12 Jun 2001 23:58:32



Did you get this working with Win9x machines?.. I have it working with win2k
and NT machines but not win9x???.. when I run Tcpdump I see 1723 traffic go
through onto the internal interface but not GRE traffic...

Any ideas?

Thanks

-dan

-------------------------------------

-------------------------------------

The obvious thing is necessary to make iptables work with vpn, but it
took me a while to come up with it, so i hope this saves time for
someone with a linux firewall on their windows box.

/usr/local/bin/iptables -t nat -A PREROUTING -p 47 -i eth1 -j DNAT --to
10.0.0.2

 
 
 

iptables and gre forwarding for pptp/vpn

Post by Daniel Taton » Wed, 13 Jun 2001 00:09:03


Did you get this working with Win9x machines?.. I have it working with win2k
and NT machines but not win9x???.. when I run Tcpdump I see 1723 traffic go
through onto the internal interface but not GRE traffic...

Any ideas?

Thanks

-dan

-------------------------------------

-------------------------------------

The obvious thing is necessary to make iptables work with vpn, but it
took me a while to come up with it, so i hope this saves time for
someone with a linux firewall on their windows box.

/usr/local/bin/iptables -t nat -A PREROUTING -p 47 -i eth1 -j DNAT --to
10.0.0.2

 
 
 

iptables and gre forwarding for pptp/vpn

Post by Bo » Wed, 13 Jun 2001 03:28:31


On Mon, 11 Jun 2001 11:09:03 -0400, "Daniel Tatone"


>Did you get this working with Win9x machines?.. I have it working with win2k
>and NT machines but not win9x???.. when I run Tcpdump I see 1723 traffic go
>through onto the internal interface but not GRE traffic...

GRE is a different protocol from TCP. It is protocol 47.

Bob

"Beer is proof that God loves us and wants us to be happy."
--Benjamin Franklin

 
 
 

iptables and gre forwarding for pptp/vpn

Post by Daniel Taton » Wed, 13 Jun 2001 07:04:13


Indeed.. and TCPDUMP usually picks up GRE "protocol 47" packets as they flow
through... anyways.. how does that affect my siuation


> On Mon, 11 Jun 2001 11:09:03 -0400, "Daniel Tatone"

> >Did you get this working with Win9x machines?.. I have it working with
win2k
> >and NT machines but not win9x???.. when I run Tcpdump I see 1723 traffic
go
> >through onto the internal interface but not GRE traffic...

> GRE is a different protocol from TCP. It is protocol 47.

> Bob

> "Beer is proof that God loves us and wants us to be happy."
> --Benjamin Franklin

 
 
 

1. Howto configure iptables to forward PPTP to an internal VPN server

Hi,

I have a RedHat 7.1 (2.4. kernels) acting as a firewall for a private IP
network, the firewall is done with iptables.

I want to enable incoming Microsoft VPN connections to a Microsoft VPN
server that is behind the firewall (in a private networks address, the
firewall does NAT). How do I configure iptables to do that ? The port that
need to be forwarded is 1723 but then there is a GRE packet (IP Protocol 47)
that also needs to be forwarded. This involves no ports, so can it be
forwarded based on its protocol.

The reason I can't use Linux PPTP server (PopToPoP or whatever) is that I
have an internal ADSL card on the linux box, and it's driver is precompiled
so I cannot do anything with the kernel.

Regards,
                Petri

2. Compiling MySQL drops into kernel debugger

3. Forwarding GRE packets for VPN

4. Software Trouble Reports

5. VPN::PPTP > RH 2.4.* > IPTABLES

6. PPP Crisis! Parse Error in MAKE!??

7. M$ pptp vpn server behind Linux 2.4.18 iptables, please help

8. ISDN: How to get the MRU of configured interface?

9. PPTP VPN server on iptables firewall

10. problem with GRE and pptp on OpenBSD 3.2

11. PPTP Clients through 3.0 PF/NAT/GRE

12. Can't get GRE redirected to an internal PPtP server - help

13. PPTP/GRE masquerading in kernel 2.4.18 changed (since kernel 2.4.10)?