[mdlug] windows vpn server behind iptables.
Matthew Nelson
matt at aa-technology.com
Fri Jan 25 11:33:15 EST 2008
Greetings all,
I have an MS Windows VPN server behind an Ubuntu box using iptables as
the firewall. Specifically, I use Arno's iptables script. I have
subsequently forwarded ports 1723 and 47 to the IP of the Windows
server, but have not been able to connect successfully. The VPN itself
works, as I can connect to it fine from within the LAN. It also works
if I eliminate the Linux firewall and directly connect the Windows
server to the internet. I am curious to know if anyone else has this
working, or if you could suggest the appropriate iptables commands that
would allow this to work.
I believe it might have something to do with the GRE protocol. I haven't
really used PREROUTING before, so I don't really have experience with
it. I've issued the following iptables commands after restarting the
script (per a few suggestions online) that worked for some folks, but
it's not working for me just yet:
eth0 is the external (WAN) interface.
192.168.1.5 is the Windows box running the VPN server:
iptables -A FORWARD -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 1723 -j DNAT --to 192.168.1.5
iptables -A FORWARD -i eth0 -p 47 -j ACCEPT
iptables -t nat -A PREROUTING -p 47 -i eth0 -j DNAT --to 192.168.1.5
Based on information found here:
http://ubuntuforums.org/showthread.php?t=544947&page=2
Thanks,
Matt
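
Added example, not part of the original post: a shell check that reads an iptables-save dump and reports whether the four rules above (DNAT and FORWARD ACCEPT for TCP 1723 and for GRE, IP protocol 47) exist for 192.168.1.5 and are not shadowed by an earlier catch-all DROP or REJECT in FORWARD. The function names, the sample dump and the catch-all DROP placed ahead of the appended rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit an iptables-save dump for
# the four PPTP forwarding rules the post issues by hand.
# check_pptp_forward DUMP_FILE VPN_IP   (hypothetical helper name; "-" = stdin)
# Prints one finding per line; returns non-zero when a required rule is
# missing or sits behind an unconditional DROP/REJECT in FORWARD.
check_pptp_forward() {
    awk -v vpn="$2" '
    function gre(l) { return l ~ /-p (gre|47)( |$)/ }    # IP protocol 47
    function ctl(l) { return l ~ /-p tcp / && l ~ /--dport 1723( |$)/ }
    function to_vpn(l,  t, i) {   # DNAT target is exactly vpn, optional :port
        t = "--to-destination " vpn; i = index(l, t)
        return i && substr(l " ", i + length(t), 1) ~ /[ :]/
    }
    /--dport 47( |$)/ { print "WARN port 47 is not GRE (GRE has no ports): " $0 }
    /^-A PREROUTING / && /-j DNAT / && to_vpn($0) {
        if (gre($0)) nat_gre = 1
        if (ctl($0)) nat_ctl = 1
    }
    /^-A FORWARD -j (DROP|REJECT)/ { blocked = 1 }   # rules after this never match
    /^-A FORWARD / && /-j ACCEPT/ && !blocked {
        if (gre($0)) fwd_gre = 1
        if (ctl($0)) fwd_ctl = 1
    }
    END {
        if (!nat_ctl) { print "MISSING nat: DNAT tcp/1723 to " vpn; bad = 1 }
        if (!nat_gre) { print "MISSING nat: DNAT gre (proto 47) to " vpn; bad = 1 }
        if (!fwd_ctl) { print "MISSING filter: reachable FORWARD ACCEPT tcp/1723"; bad = 1 }
        if (!fwd_gre) { print "MISSING filter: reachable FORWARD ACCEPT gre"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed dump. The catch-all DROP ahead of the appended rules is an
# assumption for illustration, not something stated in the post.
appended_dump() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.5
-A PREROUTING -i eth0 -p gre -j DNAT --to-destination 192.168.1.5
COMMIT
*filter
-A FORWARD -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -i eth0 -p gre -j ACCEPT
COMMIT
EOF
}
appended_dump | check_pptp_forward - 192.168.1.5 || true
```

On the firewall itself, the live rule set can be checked with iptables-save | check_pptp_forward - 192.168.1.5.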