Re: GRE, VPN and suchlike
It was sooooo simple !
Just use [iptables] ipchains to setup the rules and we have a nice
passthrough !
THANKS a lot, everything works perfectly now !
Greg
> Hi Gregiore,
>
> Gregoire Hostettler wrote:
> > Thank you, Brendan,
> >
> > This is a good starting point.
> >
> > But will this package implement GRE (port 47) ? Just because I need to
> > install the Linmux box as a firewall.
> > In fact it is already a fw. What I need is just to make VPN encapsulated
> > packets to go through the firewall to the VPN server which is located
> > in the inside LAN.
>
> If all you want to do is forward PPTP packets to an internal (public IP)
> PPTP VPN server that's easy. Under kernel 2.4:
>
> # For the initial PPTP authentication
> iptables -A INPUT -p TCP -s <your VPN server> --dport 1723 -j ACCEPT
> iptables -A INPUT -p TCP -d <your VPN server> --sport 1723 -j ACCEPT
>
> # Then for forwarding GRE
> iptables -A INPUT -p 47 -s <your VPN server> -j ACCEPT
> iptables -A INPUT -p 47 -d <your VPN server> -j ACCEPT
>
> If you want to masquerade PPTP packets to an internal (private IP) PPTP
> server then read this howto:
>
> http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html
>
> However, this only covers kernels 2.0 and 2.2. I haven't tried doing
> this under 2.4 yet.
>
> >
> > And do I need samba ? I want to keep my Debian fw with as few daemons as
> > possible, as you can guess ;-)
> >
>
> You only need Samba if you want to provide Windows file and printer
> sharing on the firewall itself. PPTP does not require Samba.
>
> > Anyway THANK YOU for your help !
>
> No problems. Hope this helps!
>
> Brendan
>
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: