DNAT pptp to windows machine

Philip Craig philipc at snapgear.com
Wed Aug 3 08:25:02 CEST 2005


Ming-Ching Tiew wrote:
> As far as I know, PPTP connection tracking is for the PPTP client going
> through firewall, ie pptp masquerade. It is not needed for DNAT of PPTP 
> into a pptp server.

The PPTP connection tracking works for both clients and servers,
since after all, you need one of each to make a PPTP connection.

While you can get by without it for DNAT to a server, the PPTP
connection tracking allows you to automatically NAT the related
GRE connections, and you can use a conntrack state match to only
allow related GRE packets through the firewall.



More information about the netfilter mailing list