Forwarding PPTP to an RRAS server behind the firewall.
Lee Packham
lpackham@mswinxp.net
06 Jul 2001 16:17:11 +0100
Yes, I have successfully done this!
echo "VPN Access"
iptables -t nat -A PREROUTING -p 47 -i ppp0 -j DNAT --to 192.168.2.1
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 1723 -j DNAT --to 192.168.2.1:1723
iptables -t nat -A PREROUTING -p udp -i ppp0 --sport 500 --dport 500 -j DNAT --to 192.168.2.1:500
iptables -t nat -A PREROUTING -p udp -i ppp0 --sport 1701 --dport 1701 -j DNAT --to 192.168.2.1:1701
The source port matching is important for security...
On 06 Jul 2001 08:56:55 -0600, Jason D. Giesbrecht wrote:
> I have seen a few postings in regards to this previously but none that
> indicated anyone had any success with doing this. If anyone has
> successfully been able to forward incoming VPN connections to a
> Microsoft RRAS Server behind an iptables box, could you please include
> the rules that you use. Here is what I have been using to a small
> amount of success.
>
> Thanks,
> Jay
>
> # Port forward MS PPTP to Remote Access Server
> $IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_IP --dport 1723 -j DNAT --to $INT_PPTP
> $IPTABLES -t nat -A PREROUTING -p udp -d $EXT_IP --dport 1723 -j DNAT --to $INT_PPTP
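
Added example, not part of either post: a small Python audit that reads DNAT rules as text and checks that a PPTP forward covers both the TCP/1723 control channel and GRE (IP protocol 47) to the same host, and that each rule is limited by interface or destination address. The finding codes and function names are made up for this example; the sample rules are the PPTP lines from the thread with the line wraps rejoined.

```python
import shlex

# Constructed input: the PPTP rules from both posts, line wraps rejoined.
REPLY_RULES = """\
iptables -t nat -A PREROUTING -p 47 -i ppp0 -j DNAT --to 192.168.2.1
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 1723 -j DNAT --to 192.168.2.1:1723
"""
QUESTION_RULES = """\
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_IP --dport 1723 -j DNAT --to $INT_PPTP
$IPTABLES -t nat -A PREROUTING -p udp -d $EXT_IP --dport 1723 -j DNAT --to $INT_PPTP
"""

def parse_dnat(line):
    """Return a dict for a nat PREROUTING DNAT rule, or None for any other line."""
    tok = shlex.split(line, comments=True)
    # Every option in these rules takes exactly one argument.
    opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
    if (opts.get("-t"), opts.get("-A"), opts.get("-j")) != ("nat", "PREROUTING", "DNAT"):
        return None
    target = opts.get("--to") or opts.get("--to-destination") or ""
    return {
        "proto": opts.get("-p", "all").lower(),
        "dport": opts.get("--dport"),
        "host": target.split(":")[0],
        "scoped": "-i" in opts or "-d" in opts,
    }

def audit_pptp(text):
    """Return sorted finding codes for the PPTP forwarding rules in text."""
    rules = [r for r in map(parse_dnat, text.splitlines()) if r]
    ctrl = {r["host"] for r in rules if r["proto"] == "tcp" and r["dport"] == "1723"}
    gre = {r["host"] for r in rules if r["proto"] in ("47", "gre")}
    findings = set()
    if not ctrl:
        findings.add("no-control-channel")   # TCP/1723 is not forwarded at all
    if ctrl - gre:
        findings.add("missing-gre")          # control host never receives IP protocol 47
    if any(r["proto"] == "udp" and r["dport"] == "1723" for r in rules):
        findings.add("udp-1723-unused")      # PPTP control runs over TCP only
    if any(not r["scoped"] for r in rules):
        findings.add("unscoped-dnat")        # rule matches on every interface and address
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("reply", REPLY_RULES), ("question", QUESTION_RULES)):
        print(name, audit_pptp(text) or "ok")
```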