iptables rules to connect through a linux firewall
Rob Sterenborg
rob at sterenborg.info
Thu Jan 26 22:45:21 CET 2006
> I'm trying to connect a Windows XP client to a remote PPTP server. I'm
> using Windows XP at home on my home network, which connects to the
> internet via a Fedora Linux firewall using iptables with NAT.
>
> What iptables rules do I need to insert to allow this to happen? I
> guess I just need to forward packets.
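
# $modprobe and $ipt are shell variables, assumed to hold the paths to
# modprobe and iptables.

# Load the PPTP/GRE NAT and connection-tracking helpers.
$modprobe ip_nat_pptp
$modprobe ip_nat_proto_gre
$modprobe ip_conntrack_pptp
$modprobe ip_conntrack_proto_gre

# Drop forwarded traffic by default; accept replies and related flows.
$ipt -P FORWARD DROP
$ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept new GRE and PPTP control (tcp/1723) traffic from the LAN outwards.
$ipt -A FORWARD -m state --state NEW -i <if_lan> -o <if_inet> \
  -s <net_lan> -p gre -j ACCEPT
$ipt -A FORWARD -m state --state NEW -i <if_lan> -o <if_inet> \
  -s <net_lan> -p tcp --dport 1723 -j ACCEPT

# Source-NAT LAN traffic leaving the Internet interface.
$ipt -t nat -A POSTROUTING -o <if_inet> -s <net_lan> \
  -j SNAT --to <inet_ip>
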
And don't forget to enable IP forwarding...

Gr,
Rob
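
An added example, not part of Rob's reply: a shell preflight that reports which pieces of the setup above are still missing (IP forwarding, the four modules, the FORWARD and SNAT rules), reading everything from file paths so it also works on saved copies. The function names, interface names, addresses and sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Preflight check for the PPTP pass-through setup in the reply above.
# Inputs are file paths so the checks also run against saved copies.

# Module names as given in the reply (built-in modules will not be listed).
PPTP_MODULES="ip_nat_pptp ip_nat_proto_gre ip_conntrack_pptp ip_conntrack_proto_gre"

# Print one line per problem found; print nothing when everything is in place.
#   $1 = ip_forward file, $2 = modules list, $3 = iptables-save dump
pptp_preflight() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ] || echo "ip forwarding is disabled"
    for m in $PPTP_MODULES; do
        grep -q "^$m " "$2" || echo "module not loaded: $m"
    done
    grep -q '^:FORWARD DROP' "$3" || echo "FORWARD policy is not DROP"
    fwd=$(grep -- '^-A FORWARD .*-j ACCEPT' "$3" || true)
    echo "$fwd" | grep -q -- 'RELATED,ESTABLISHED' || echo "no RELATED,ESTABLISHED accept rule"
    echo "$fwd" | grep -q -- '-p gre ' || echo "no FORWARD accept rule for GRE"
    echo "$fwd" | grep -- '-p tcp ' | grep -q -- '--dport 1723 ' || echo "no FORWARD accept rule for tcp/1723"
    grep -q -- '^-A POSTROUTING .*-j SNAT ' "$3" || echo "no SNAT rule in POSTROUTING"
}

# Constructed sample data (not captured from a real host): writes the three
# input files into directory $1, with forwarding off and one module missing.
write_sample() {
    echo 0 > "$1/ip_forward"
    cat > "$1/modules" <<'EOF'
ip_nat_pptp 6912 0 - Live 0xe0a5c000
ip_conntrack_pptp 12688 1 ip_nat_pptp, Live 0xe0a4e000
ip_conntrack_proto_gre 5120 1 ip_conntrack_pptp, Live 0xe0a3b000
EOF
    cat > "$1/rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -i eth1 -o eth0 -p gre -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -i eth1 -o eth0 -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}
```

On the firewall itself, pass /proc/sys/net/ipv4/ip_forward, /proc/modules and a file holding the output of iptables-save as the three arguments.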