PPTP Server and PPTP clients on a firewalled gateway
Gary W. Smith
gary at primeexalia.com
Mon Dec 6 01:58:32 CET 2004
Ran into this problem recently (search the archives about 1-2 weeks
back). Drop ip_nat_* from the load unless you are routing those
protocols to an internally NAT'd VPN server. Since your firewall is
your VPN you do not need to route those.
> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org [mailto:netfilter-
> bounces at lists.netfilter.org] On Behalf Of A. Sayler
> Sent: Saturday, December 04, 2004 4:30 PM
> To: netfilter at lists.netfilter.org
> Subject: PPTP Server and PPTP clients on a firewalled gateway
> If anybody might some insight into this problem I would certainly
> appreciate it.
> I have multiple wireless clients that need access to outside corporate
> servers through my system. I also have a PPTP server listening on the
> local gateway host for other users to connect to our internal network
> I have a 2 NIC system.
> I have an internal interface of WLAN0 and the external interface of
> I have made sure to load the following modules...
> I have added the following commands to the rest of my firewall rules
> iptables -I INPUT -p 47 -j ACCEPT
> iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
> iptables -I OUTPUT -p 47 -j ACCEPT
> iptables -I OUTPUT -p tcp --dport 1723 -j ACCEPT
> iptables -I FORWARD -p 47 -j ACCEPT
> iptables -I FORWARD -p tcp --dport 1723 -j ACCEPT
> iptables -I FILTER -p 47 -j ACCEPT
> iptables -I FILTER -p tcp --dport 1723 -j ACCEPT
> I'm masquerading all connections out.
> currently the clients can get out and connect properly but the outside
> clients trying to connect to our local system via the PPTP server on
> gateway box can not get a connection.
> I think it has something to do with how I'm routing the connection to
> local host but I'm not sure what I need to change. Or is this even
> Any thoughts?
More information about the netfilter