Re: GRE, VPN and suchlike

[Brendan Lewis <blewis@zip.com.au>]

Hi Gregiore,

Gregoire Hostettler wrote:
> Thank you, Brendan,
>
> This is a good starting point.
>
> But will this package implement GRE (port 47) ? Just because I need to
> install the Linmux box as a firewall.
> In fact it is already a fw. What I need is just to make VPN encapsulated
> packets to go through the firewall to the VPN server which is located
> in the inside LAN.

If all you want to do is forward PPTP packets to an internal (public IP) 
PPTP VPN server that's easy. Under kernel 2.4:

# For the initial PPTP authentication
iptables -A INPUT -p TCP -s <your VPN server> --dport 1723 -j ACCEPT
iptables -A INPUT -p TCP -d <your VPN server> --sport 1723 -j ACCEPT

# Then for forwarding GRE
iptables -A INPUT -p 47 -s <your VPN server> -j ACCEPT
iptables -A INPUT -p 47 -d <your VPN server> -j ACCEPT

If you want to masquerade PPTP packets to an internal (private IP) PPTP 
server then read this howto:

http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html

However, this only covers kernels 2.0 and 2.2. I haven't tried doing 
this under 2.4 yet.

> And do I need samba ? I want to keep my Debian fw with as few daemons as
> possible, as you can guess ;-)

You only need Samba if you want to provide Windows file and printer 
sharing on the firewall itself. PPTP does not require Samba.

> Anyway THANK YOU for your help !

No problems. Hope this helps!

Brendan


--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org