Re: GRE, VPN and suchlike
Gregoire Hostettler wrote:
Thank you, Brendan,
This is a good starting point.
But will this package implement GRE (port 47) ? Just because I need to
install the Linmux box as a firewall.
In fact it is already a fw. What I need is just to make VPN encapsulated
packets to go through the firewall to the VPN server which is located
in the inside LAN.
If all you want to do is forward PPTP packets to an internal (public IP)
PPTP VPN server that's easy. Under kernel 2.4:
# For the initial PPTP authentication
iptables -A INPUT -p TCP -s <your VPN server> --dport 1723 -j ACCEPT
iptables -A INPUT -p TCP -d <your VPN server> --sport 1723 -j ACCEPT
# Then for forwarding GRE
iptables -A INPUT -p 47 -s <your VPN server> -j ACCEPT
iptables -A INPUT -p 47 -d <your VPN server> -j ACCEPT
If you want to masquerade PPTP packets to an internal (private IP) PPTP
server then read this howto:
However, this only covers kernels 2.0 and 2.2. I haven't tried doing
this under 2.4 yet.
And do I need samba ? I want to keep my Debian fw with as few daemons as
possible, as you can guess ;-)
You only need Samba if you want to provide Windows file and printer
sharing on the firewall itself. PPTP does not require Samba.
Anyway THANK YOU for your help !
No problems. Hope this helps!
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org