Re: Microsoft VPN behind IPTABLES firewall
I'm doing something very similar to what you want. Here are the rules I
use:

192.168.1.2 is the address of the Microsoft VPN server
$IPTABLES points to the iptables binary
$EXTERNALIF is the external interface

# vpn
$IPTABLES -A INPUT -p 47 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p 47 -i $EXTERNALIF -j DNAT --to 192.168.1.2
$IPTABLES -A FORWARD -i $EXTERNALIF -p 47 -d 192.168.1.2 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 1723 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -i $EXTERNALIF --dport 1723 -j DNAT --to 192.168.1.2:1723
$IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.1.2 --dport 1723 -j ACCEPT

Steve

On Wed, 2004-04-21 at 04:28, Bernhard Lukas wrote:
> Hello,
>
> we have a company firewall (iptables, Debian 3.0/Woody, 2.4.20 Kernel)
> and a VPN server (Microsoft VPN Server, Windows 2003 Server) behind the
> firewall.
>
> The firewall is called "spiderman" and the VPN server "batman".
> Clients (using Windows) should be able to use VPN from their homes.
> The Microsoft VPN Server is configured to use PPTP.
>
> This is the scenario I want to achieve:
>
> Windows Client ----> (( INTERNET )) ----> [spiderman] ----> [batman]
>                                           192.168.0.1       192.168.0.3
>                                           (firewall)        (vpn server)
>
> Windows Client ===================== VPN Connection ======> [batman]
>
>
> It is possible to connect from our internal network (192.168.0.x) to VPN
> servers outside our company network, so SNAT & forwarding of GRE traffic
> seems to work properly.
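
An added example, not part of the thread: a check over `iptables-save` output that a PPTP server behind DNAT has both halves of the protocol (the TCP/1723 control channel and GRE, IP protocol 47) covered in nat PREROUTING and in filter FORWARD. It also notes matching INPUT accepts, which forwarding does not use. The function name, the sample dump and the interface name `eth0` are assumptions made for illustration.

```shell
#!/bin/sh
# check_pptp_rules SERVER_IP   (iptables-save dump on stdin)
# Prints one line per finding; exit status = number of missing rules.
check_pptp_rules() {
    ip_re=$(printf '%s' "$1" | sed 's/\./[.]/g')    # match dots literally
    awk -v ip="$ip_re" '
    function report(label, ok) {
        if (ok) print "ok       " label
        else { print "MISSING  " label; missing++ }
    }
    /^\*/ { table = substr($0, 2); next }            # "*nat", "*filter", ...
    /^-A / {
        gre = ($0 ~ / -p (47|gre)( |$)/)             # saved as name or number
        ctl = ($0 ~ / -p tcp / && $0 ~ / --dport 1723( |$)/)
        accept = ($0 ~ / -j ACCEPT$/)
        if (table == "nat" && $2 == "PREROUTING" &&
            $0 ~ (" -j DNAT --to-destination " ip "(:1723)?$")) {
            if (gre) dnat_gre = 1
            if (ctl) dnat_ctl = 1
        }
        if (table == "filter" && $2 == "FORWARD" && accept &&
            $0 ~ (" -d " ip "(/32)? ")) {
            if (gre) fwd_gre = 1
            if (ctl) fwd_ctl = 1
        }
        # DNATed packets traverse FORWARD, not INPUT; these accepts expose only the firewall host.
        if (table == "filter" && $2 == "INPUT" && accept && (gre || ctl))
            print "NOTE     not needed for forwarding: " $0
    }
    END {
        report("nat PREROUTING DNAT, GRE (proto 47)", dnat_gre)
        report("nat PREROUTING DNAT, tcp/1723", dnat_ctl)
        report("filter FORWARD ACCEPT, GRE (proto 47)", fwd_gre)
        report("filter FORWARD ACCEPT, tcp/1723", fwd_ctl)
        exit missing
    }'
}
# Constructed sample: the rules from the message above as iptables-save would print them (EXTERNALIF=eth0 assumed).
SAMPLE='*nat
-A PREROUTING -i eth0 -p gre -j DNAT --to-destination 192.168.1.2
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.2:1723
COMMIT
*filter
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -d 192.168.1.2/32 -i eth0 -p gre -j ACCEPT
-A FORWARD -d 192.168.1.2/32 -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT'
printf '%s\n' "$SAMPLE" | check_pptp_rules 192.168.1.2
```

On a live firewall, pipe `iptables-save` (run as root) into the function instead of the sample.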