Hi folks,
I need some help with my iptables stuff to allow VPN passthrough to a
Windows server on my LAN.
I've googled and tested & googled & tested, etc etc, but I'm not sure which
end my problem lies, or how to find out.
My setup is pretty simple. I have a fixed external IP.
DSL : eth1 on firewall, 192.168.1.x
LAN : eth0 on firewall, 192.168.0.x
On my lan is a windows server box with fixed IP, 192.168.0.x
All LAN is fixed IP, 192.168.0.xxx, and is natted for external browsing, etc
Now, I want to allow incoming VPN to the windows box for when some users are
out & about.
Best info I found so far (I think) was from
http://osdir.com/ml/debian.devel.firewall/2004-04/msg00098.html
which was this :
$VPN_SERVER is my fixed IP windows box
iptables -A INPUT -p 47 -j ACCEPT
iptables -t nat -A PREROUTING -p 47 -i eth1 -j DNAT --to $VPN_SERVER
iptables -A FORWARD -i eth1 -p 47 -d $VPN_SERVER -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1723 -j DNAT --to $VPN_SERVER:1723
iptables -A FORWARD -i eth1 -p tcp -d $VPN_SERVER --dport 1723 -j ACCEPT
I guess I'm missing something, as it just times out trying to connect.
On the client end, I have a zyxel router (from ibb), so maybe I need to
configure that somehow to allow the 47 and 1723 stuff in & out as well ?
Any advice welcome!
Thanks,
Declan
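
Added example, not part of the original post: one way to find out which end a timing-out PPTP connection fails at is to capture on each firewall interface with `tcpdump -n` and classify what was seen, since PPTP needs both the TCP 1723 control channel and GRE (protocol 47) in both directions. The function name, the stage labels and the sample capture lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# pptp_stage SERVER_ADDR  (hypothetical helper, reads `tcpdump -n` text on stdin)
# SERVER_ADDR is the address the VPN server appears as on the captured interface.
# Prints the furthest stage of PPTP setup visible in the capture.
pptp_stage() {
    awk -v srv="$1" '
        # tcpdump -n prints TCP endpoints as addr.port and GRE endpoints as bare addr
        $2 == "IP" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (dst == (srv ".1723") && $0 ~ /Flags \[S\]/)   syn = 1
            if (src == (srv ".1723") && $0 ~ /Flags \[S\.\]/) synack = 1
            if ($0 ~ /GREv1/) {
                if (dst == srv) gre_in = 1    # client -> server data
                if (src == srv) gre_out = 1   # server -> client data
            }
        }
        END {
            if (!syn)                      print "no-control"          # nothing reached this interface
            else if (!synack)              print "control-unanswered"  # SYN seen, no reply came back
            else if (!gre_in && !gre_out)  print "control-only"        # TCP 1723 works, no GRE at all
            else if (!(gre_in && gre_out)) print "gre-one-way"         # GRE passes in one direction only
            else                           print "gre-both-ways"
        }'
}

# Constructed sample: control channel completes, GRE arrives, nothing returns.
SAMPLE_ONE_WAY='12:00:01.000001 IP 203.0.113.5.51234 > 198.51.100.10.1723: Flags [S], seq 1000, win 64240, length 0
12:00:01.020001 IP 198.51.100.10.1723 > 203.0.113.5.51234: Flags [S.], seq 2000, ack 1001, win 65535, length 0
12:00:02.000001 IP 203.0.113.5 > 198.51.100.10: GREv1, call 4096, seq 0, length 60: LCP, Conf-Request (0x01), id 0, length 44'

# Constructed sample: the SYN is retransmitted and never answered.
SAMPLE_UNANSWERED='12:00:01.000001 IP 203.0.113.5.51234 > 198.51.100.10.1723: Flags [S], seq 1000, win 64240, length 0
12:00:04.000001 IP 203.0.113.5.51234 > 198.51.100.10.1723: Flags [S], seq 1000, win 64240, length 0'

printf '%s\n' "$SAMPLE_ONE_WAY"    | pptp_stage 198.51.100.10
printf '%s\n' "$SAMPLE_UNANSWERED" | pptp_stage 198.51.100.10
```

Run it against captures from eth1 and eth0 in turn, passing the address the VPN server appears as on that interface (the firewall's external-side address before DNAT, the server's LAN address after it). A result of `no-control` on eth1 points at the client side or the path in between; a later stage on eth1 with an earlier one on eth0 points at the firewall rules.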