* Jason Opperisano <opie@xxxxxxxxxxx> [041015 11:15]:
> yes--if you are performing SNAT/MASQ for your entire internal network
> on your gateway, it won't work. there is a PPTP conntrack and nat module
> in POM for this situation, but it will only compile against a 2.4 kernel.

Yes, I am performing MASQ for the entire network. Is there no way I can get
it to work against the 2.6 series? I will have a lot of trouble downgrading
the kernel. It is a live server.

> one option would be to give the PPTP client a dedicated public IP and
> perform a one-to-one SNAT/DNAT for that client and allow TCP 1723 and
> IP protocol 47 outbound from that client and IP protocol 47 inbound to
> that client from the PPTP server.

Can you please give an example of this to be on the safe side? Is this something
like,
* I add eth0:1 on the Linux box and give it a public IP.
* redirect all traffic to that IP from outside to the client having the pptp
client? Will something like below help,
iptables -A PREROUTING -d <ext ip> -p tcp -m tcp --dport 47 -j DNAT --to-destination 192.168.10.99
iptables -A PREROUTING -d <ext ip> -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.10.99
Respects,
Shantanu
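
The one-to-one NAT arrangement described in the quoted reply, written out as an added example that is not part of the original post or of either poster's configuration. 192.168.10.99 and eth0/eth0:1 come from the message; the public IP, the PPTP server address and the /32 alias are constructed placeholders. The function only prints the commands so they can be reviewed before being applied on a live gateway.

```shell
#!/bin/sh
# Assumed values: PUB_IP and SERVER are placeholders from documentation ranges.
EXT_IF="eth0"            # external interface (the post aliases it as eth0:1)
PUB_IP="203.0.113.10"    # placeholder: dedicated public IP for the PPTP client
CLIENT="192.168.10.99"   # internal PPTP client, as given in the post
SERVER="198.51.100.20"   # placeholder: remote PPTP server

pptp_one_to_one_rules() {
    # The gateway must answer for the extra public address.
    echo "ip addr add $PUB_IP/32 dev $EXT_IF label $EXT_IF:1"

    # NAT rules live in the nat table, so -t nat is required.
    # SNAT is inserted first so it is matched before the network-wide MASQUERADE.
    echo "iptables -t nat -I POSTROUTING 1 -o $EXT_IF -s $CLIENT -j SNAT --to-source $PUB_IP"
    # One-to-one DNAT: everything addressed to the public IP maps to the client.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $PUB_IP -j DNAT --to-destination $CLIENT"

    # Filtering decides what actually crosses the gateway.
    # PPTP control channel: TCP 1723 outbound, plus its reply packets.
    echo "iptables -A FORWARD -s $CLIENT -d $SERVER -p tcp --dport 1723 -j ACCEPT"
    echo "iptables -A FORWARD -s $SERVER -d $CLIENT -p tcp --sport 1723 -m state --state ESTABLISHED -j ACCEPT"
    # PPTP data channel: GRE is IP protocol 47, not a TCP port, so match it with -p 47.
    echo "iptables -A FORWARD -s $CLIENT -d $SERVER -p 47 -j ACCEPT"
    echo "iptables -A FORWARD -s $SERVER -d $CLIENT -p 47 -j ACCEPT"
    # Nothing else arriving from outside may reach the client through the DNAT.
    echo "iptables -A FORWARD -i $EXT_IF -d $CLIENT -j DROP"
}

# Print the rule set for review.
pptp_one_to_one_rules
```

The FORWARD rules are appended, so check them against ACCEPT rules already in that chain; an earlier broad ACCEPT would leave the client reachable on every port through the one-to-one DNAT.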