[ILUG] VPN Passthrough - iptables
Declan Grady
declan at declangrady.com
Wed Jan 14 14:23:05 GMT 2009
Hi folks,
I need some help with my iptables stuff to allow VPN passthrough to a
Windows server on my LAN.
I've googled and tested & googled & tested, etc etc, but I'm not sure which
end my problem lies, or how to find out.
My setup is pretty simple. I have a fixed external IP.
DSL : eth1 on firewall, 192.168.1.x
LAN : eth0 on firewall, 192.168.0.x
On my lan is a windows server box with fixed IP, 192.168.0.x
All LAN is fixed IP, 192.168.0.xxx, and is natted for external browsing, etc
Now, I want to allow incoming VPN to the windows box for when some users are
out & about.
Best info I found so far (I think) was from
http://osdir.com/ml/debian.devel.firewall/2004-04/msg00098.html
which was this :
$VPN_SERVER is my fixed IP windows box
iptables -A INPUT -p 47 -j ACCEPT
iptables -t nat -A PREROUTING -p 47 -i eth1 -j DNAT --to $VPN_SERVER
iptables -A FORWARD -i eth1 -p 47 -d $VPN_SERVER -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1723 -j DNAT --to $VPN_SERVER:1723
iptables -A FORWARD -i eth1 -p tcp -d $VPN_SERVER --dport 1723 -j ACCEPT
I guess I'm missing something, as it just times out trying to connect.
On the client end, I have a zyxel router (from ibb), so maybe I need to
configure that somehow to allow the 47 and 1723 stuff in & out as well ?
Any advice welcome !
Thanks,
Declan
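
An added example, not part of the original message: a shell check that a rule set forwards both flows PPTP needs (GRE, IP protocol 47, and TCP 1723) and flags INPUT rules that passthrough does not need. The address 192.168.0.10 and the function names `count_rules` and `audit_pptp` are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PPTP passthrough rule set.

# Constructed sample: the post's commands with $VPN_SERVER replaced by the
# placeholder 192.168.0.10 (the post only gives the address as 192.168.0.x).
SAMPLE_RULES='iptables -A INPUT -p 47 -j ACCEPT
iptables -t nat -A PREROUTING -p 47 -i eth1 -j DNAT --to 192.168.0.10
iptables -A FORWARD -i eth1 -p 47 -d 192.168.0.10 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1723 -j DNAT --to 192.168.0.10:1723
iptables -A FORWARD -i eth1 -p tcp -d 192.168.0.10 --dport 1723 -j ACCEPT'

# count_rules RULES CHAIN TARGET MATCH_ERE
# Prints how many rules append to CHAIN, jump to TARGET and match MATCH_ERE.
count_rules() {
    printf '%s\n' "$1" | grep -E -- "(^| )-A $2 " | grep -E -- "-j $3( |\$)" |
        grep -cE -- "$4" || true   # grep -c exits 1 on a zero count
}

# audit_pptp RULES
# PPTP needs two flows forwarded: GRE (IP protocol 47) and TCP 1723.
# Prints one finding per line; returns 1 if a DNAT or FORWARD rule is missing.
audit_pptp() {
    rules=$1; rc=0
    for flow in gre tcp1723; do
        if [ "$flow" = gre ]; then
            m='-p (gre|47)( |$)'                 # protocol by name or number
        else
            m='-p tcp .*--dport 1723( |$)'
        fi
        [ "$(count_rules "$rules" PREROUTING DNAT "$m")" -gt 0 ] ||
            { echo "MISSING $flow DNAT"; rc=1; }
        [ "$(count_rules "$rules" FORWARD ACCEPT "$m")" -gt 0 ] ||
            { echo "MISSING $flow FORWARD"; rc=1; }
        # DNATed packets traverse FORWARD, not INPUT, so an INPUT ACCEPT
        # only opens the firewall host itself to this traffic.
        [ "$(count_rules "$rules" INPUT ACCEPT "$m")" -eq 0 ] ||
            echo "EXPOSED $flow INPUT"
    done
    return $rc
}

audit_pptp "$SAMPLE_RULES"
```

The check reads rule text only; it does not tell you whether the kernel is forwarding packets or whether a router upstream of eth1 passes the same two flows.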