Re: pptp



* Jason Opperisano <opie@xxxxxxxxxxx> [041015 11:15]:
> yes--if you are performing SNAT/MASQ for your entire internal network
> on your gateway, it won't work.  there is a PPTP conntrack and nat module
> in POM for this situation, but it will only compile against a 2.4 kernel.

Yes, I am performing MASQ for entire network. Is there no way I can get
it to work against 2.6 series? I will have a lot of trouble downgrading
the kernel. It is a live server.

> one option would be to give the PPTP client a dedicated public IP and
> perform a one-to-one SNAT/DNAT for that client and allow TCP 1723 and
> IP protocol 47 outbound from that client and IP protocol 47 inbound to
> that client from the PPTP server.

Can you please give an example of this to be on safe side?  Is this something 
like,
* I add eth0:1 on Linux box and give it a public IP.
* redirect all traffic to that IP from outside to the client having pptp
client? Will something like below help,
iptables -A PREROUTING -d <ext ip> -p tcp -m tcp --dport 47 -j DNAT --to-destination 192.168.10.99
iptables -A PREROUTING -d <ext ip> -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.10.99

Respects,
Shantanu
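
The one-to-one SNAT/DNAT arrangement suggested in the quoted reply, written out as an added example (not part of the original message, and not the poster's or the netfilter project's code). The function name, the public IP 203.0.113.10 and the PPTP server address 198.51.100.5 are constructed placeholders; 192.168.10.99 is the client address from the message. Restricting the outbound rules to the one PPTP server is an assumption.

```shell
#!/bin/sh
# Added example. Rules are only printed by default; run as root with
# IPT=iptables to apply them. The dedicated public IP must already be
# configured on the gateway's external interface (e.g. as an alias).
IPT="${IPT:-echo iptables}"

# pptp_one_to_one PUBLIC_IP CLIENT_IP PPTP_SERVER_IP   (hypothetical helper)
pptp_one_to_one() {
    pub_ip="$1"; client_ip="$2"; server_ip="$3"

    # NAT rules live in the nat table, so -t nat is required.
    # Inbound: everything addressed to the dedicated public IP goes to the client.
    $IPT -t nat -A PREROUTING -d "$pub_ip" -j DNAT --to-destination "$client_ip"
    # Outbound: inserted at position 1 so it matches before the network-wide
    # MASQUERADE rule and the client always leaves with its own public IP.
    $IPT -t nat -I POSTROUTING 1 -s "$client_ip" -j SNAT --to-source "$pub_ip"

    # PPTP control channel: TCP 1723, opened by the client.
    $IPT -A FORWARD -s "$client_ip" -d "$server_ip" -p tcp --dport 1723 -j ACCEPT
    $IPT -A FORWARD -s "$server_ip" -d "$client_ip" -p tcp --sport 1723 \
         -m state --state ESTABLISHED -j ACCEPT

    # PPTP data channel: GRE is IP protocol 47. It has no ports, so it is
    # matched with "-p 47", never with "-p tcp --dport 47".
    $IPT -A FORWARD -s "$client_ip" -d "$server_ip" -p 47 -j ACCEPT
    $IPT -A FORWARD -s "$server_ip" -d "$client_ip" -p 47 -j ACCEPT
}

# Constructed sample values; prints the six rules for review.
pptp_one_to_one 203.0.113.10 192.168.10.99 198.51.100.5
```

Because FORWARD is evaluated after PREROUTING and before POSTROUTING, the filter rules match on the client's private address in both directions.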

