Allowing PPTP to DMZ
Dimitri Yioulos
dyioulos at firstbhph.com
Tue Mar 15 14:30:28 CET 2005
Hello to all.
I have added Poptop (pptp server) to my firewall box, and am happy to say
that it works great. One piece, though, that I haven't been able to figure
out is how to access servers sitting in the DMZ. Specifically, once the
pptp connection is made, I can ssh into, or access Web-based management
tools on, the servers on the LAN. However, I can't do those things for the
servers in the DMZ. Here are the rules for pptp as they currently stand:
$IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 1723 -j ACCEPT
$IPTABLES -A OUTPUT -o $INET_IFACE -p TCP --sport 1723 -j ACCEPT
$IPTABLES -A INPUT -i $INET_IFACE -p 47 -j ACCEPT
$IPTABLES -A OUTPUT -o $INET_IFACE -p 47 -j ACCEPT
$IPTABLES -A FORWARD -s 192.168.100.0/22 -d 192.168.100.0/22 -j ACCEPT
I'm actually not sure if these are 100% correct, but they do work.
I'd really like to get the DMZ part down so that I can remotely manage these
machines.
As always, many thanks.
Dimitri
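
An added example, not part of the original post: a small shell model of the single FORWARD rule quoted above, for checking which source/destination pairs that rule accepts. The client and server addresses are constructed samples; the post does not state the DMZ subnet or the addresses handed to PPTP clients.

```sh
#!/bin/sh
# Added example: models only the single FORWARD rule quoted in the post.
RULE_SRC="192.168.100.0/22"   # -s value from the post
RULE_DST="192.168.100.0/22"   # -d value from the post
ALL_ONES=4294967295           # 0xFFFFFFFF

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-quad IPv4 address.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask for a prefix length, as an integer.
prefix_mask() { echo $(( (ALL_ONES << (32 - $1)) & ALL_ONES )); }

# First and last address covered by a CIDR block.
cidr_range() {
    mask=$(prefix_mask "${1#*/}")
    first=$(( $(ip_to_int "${1%/*}") & mask ))
    last=$(( first | (ALL_ONES ^ mask) ))
    echo "$(int_to_ip "$first")-$(int_to_ip "$last")"
}

# Succeeds when address $1 lies inside CIDR block $2.
in_cidr() {
    mask=$(prefix_mask "${2#*/}")
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Outcome of the quoted rule for a forwarded packet from $1 to $2.
forward_verdict() {
    if in_cidr "$1" "$RULE_SRC" && in_cidr "$2" "$RULE_DST"; then
        echo ACCEPT
    else
        echo NO_MATCH   # packet continues to later rules or the chain policy
    fi
}

echo "rule covers $(cidr_range "$RULE_SRC")"
# Constructed sample addresses (not from the post):
echo "client -> in-range host:     $(forward_verdict 192.168.101.10 192.168.100.5)"
echo "client -> out-of-range host: $(forward_verdict 192.168.101.10 192.168.104.5)"
```

A NO_MATCH result only means this one rule does not apply; what happens next depends on the rest of the FORWARD chain and its policy, which the post does not show.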