DNAT pptp to windows machine

Ming-Ching Tiew mingching.tiew at redtone.com
Wed Aug 3 08:11:09 CEST 2005

From: "J.T. Moore" <jtmoore at international-auto.com>

> You will need to DNAT inbound traffic to TCP port 1723 and the GRE
> protocol (IP Protocol 47). Any NAT or conntracking of GRE requires the
> PPTP connection tracking and NAT helper patch for iptables and kernel
> patch from the iptables patch-o-matic next generation (pom-ng) extras
> repository. This patch was recently broken on 2.6.11 and newer kernels,
> but the latest notes in netfilter-svn say that it's been fixed and will work
> on 2.6.11 and newer.

As far as I know, PPTP connection tracking is for the PPTP client going
through a firewall, i.e. PPTP masquerade. It is not needed for DNAT of PPTP
into a PPTP server.
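
The two DNAT targets named in the thread (TCP port 1723 and IP protocol 47), written out as iptables rules. This is an added example, not part of the original posts: the function names, the interface `eth0` and the addresses are constructed for illustration, and the script only prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that forward inbound
# PPTP to one internal server. All names and addresses are assumptions.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pptp_dnat_rules EXT_IF SERVER_IP [ALLOWED_SRC_CIDR]
# The optional third argument limits which remote networks may reach the server.
pptp_dnat_rules() {
    ext_if=$1; server=$2; src=${3:-}
    [ -n "$ext_if" ] || { echo "missing external interface" >&2; return 1; }
    valid_ipv4 "$server" || { echo "invalid server address: $server" >&2; return 1; }
    match="-i $ext_if"
    if [ -n "$src" ]; then
        valid_ipv4 "${src%/*}" || { echo "invalid source: $src" >&2; return 1; }
        match="$match -s $src"
    fi
    # Control channel: TCP port 1723.
    echo "iptables -t nat -A PREROUTING $match -p tcp --dport 1723 -j DNAT --to-destination $server:1723"
    # Data channel: GRE is IP protocol 47 and has no ports, so no :port suffix.
    echo "iptables -t nat -A PREROUTING $match -p 47 -j DNAT --to-destination $server"
    # Let the translated packets through the FORWARD chain.
    echo "iptables -A FORWARD $match -d $server -p tcp --dport 1723 -j ACCEPT"
    echo "iptables -A FORWARD $match -d $server -p 47 -j ACCEPT"
}

# Constructed sample: server 192.168.1.10, callers limited to 203.0.113.0/24.
pptp_dnat_rules eth0 192.168.1.10 203.0.113.0/24
```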


