Re: VPN & NAT

To: gtg166a@mail.gatech.edu
Cc: debian-user@lists.debian.org
Subject: Re: VPN & NAT
From: Darik Horn <dajhorn@vanadac.com>
Date: Mon, 22 Mar 2004 09:53:45 -0500
Message-id: <[🔎] 405EFDF9.3090903@vanadac.com>
In-reply-to: <[🔎] 200403211905.12068.gtg166a@mail.gatech.edu>
References: <[🔎] 200403211905.12068.gtg166a@mail.gatech.edu>

If you are running a PPTP VPN service, then your problem is with GREforwarding.

Ensure that the GRE kernel module is loaded, and then run something likethis:

# iptables -t nat -A PREROUTING -j DNAT i MyExternalInterface -p tcp--dport 1723 --to-destination MyPptpServer

# iptables -A FORWARD -j ACCEPT -i MyExternalInternface -m state --stateNEW -p tcp -d MyPptpServer --dport 1723

# iptables -A FORWARD -j ACCEPT -i MyExternalInterface -m state --stateNEW -p 47 -d MyPptpServer

# iptables -t nat -A PREROUTING -j DNAT -i MyExternalInterface -p 47 -jDNAT --to-destination MyPptpServer


# iptables -t nat -A POSTROUTING -j MASQUERADE -o MyExternalInterface

(Check the syntax of the example commands, it may be incorrect. YMMV.)

Also investigate the ipmasq package:

# apt-get install ipmasq

You can make these rules persistent by creating a RUL file in the'/etc/ipmasq/rules' directory.



Matt Peter wrote:

Hello All,
I'm currently attempting to get VPN (windows 2000 remote access)working through a nat setup. I'm having problems, and I know thereare some special things I need to setup to get this to work, but I'mhaving trouble finding a good guide to this process. Does anyonehave a resources they could point me to for setting this up? The boxis currently running stable (2.2), but I can upgrade to 2.4 is it'seasier to VPN over NAT running
Thanks in advance,

~ matt

Reply to:

References:
- VPN & NAT
  - From: Matt Peter <gtg166a@mail.gatech.edu>

Prev by Date: Re: VMware installation problem
Next by Date: Re: printer problems
Previous by thread: Re: VPN & NAT
Next by thread: SOLVED DSL Verizon.com
Index(es):
- Date
- Thread