Hi,
I am running an old computer as a router using Debian Sarge with kernel
2.6.10 and iptables 1.2.11-10. Here is my setup:
                         CompR
                      ,-----------.
(INTERNET) -->ppp0--->eth1     eth0---->SWITCH--->192.168.0.0/24
                      `-----------'
CompR (which contains eth0 and eth1) is the router computer (doing NAT or
IP masquerading) running iptables and doing masquerading. ppp0, the ADSL
modem, has my external internet address given by my ISP. eth1 is
192.168.2.10 and eth0 is 192.168.0.1. My LAN is 192.168.0.0/16.
Before I set up this computer I had a D-Link router in its place with
the option of VPN enabled. At that time, a Windows machine in my LAN was
able to connect to an external VPN server (at my university) using a VPN
client (Cisco's) and was able to sustain the connection.
After I set up my router computer (and removed the D-Link router), the
Windows client can connect to the external VPN server but cannot sustain
the connection. The connection seems to be breaking multiple times every
hour. I have been trying various rules (searched from Google) and have
this stanza relating to this in CompR's iptables rule set:
# --- IN ---  accept IKE (UDP 500) arriving on the external interface
# from each listed VPN server and addressed to the router itself
for VPNS in $VPN_SERVERS; do
    $IPTABLES -A INPUT -p udp -s $VPNS \
        -i $EXTIF --dport 500 -j ACCEPT
done
# --- OUT ---  accept IKE that the router itself sends to each VPN server
for VPNS in $VPN_SERVERS; do
    $IPTABLES -A OUTPUT -p udp -d $VPNS \
        -o $EXTIF --dport 500 -j ACCEPT
done
# routed (forwarded) traffic to port 500 coming in from the outside
$IPTABLES -A FORWARD -i ${EXTIF} -p tcp --dport 500 -j ACCEPT
$IPTABLES -A FORWARD -i ${EXTIF} -p udp --dport 500 -j ACCEPT
# rewrite inbound UDP 500 to the Windows client (this lives in the nat table)
$IPTABLES -t nat -A PREROUTING -p udp -i ${EXTIF} \
    --dport 500 -j DNAT --to-destination 192.168.0.15:500
After the Windows client (192.168.0.15) connects, I do not see any
traffic on port 500 when I use the "iptables -nvL" command to see what is
going on in CompR. It looks like none of the above rules is accepting any
packets at all.
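Added example, not from the original post: a small POSIX shell script that reads "iptables -nvL" style output and reports which port-500 rules have ever counted a packet, which is the check the poster is doing by eye. It also illustrates one caveat: plain "iptables -nvL" lists only the filter table, so the counter of the PREROUTING DNAT rule is only visible with "iptables -t nat -nvL". Both listings, the counters and the VPN server address 203.0.113.7 are constructed for the example.

```shell
#!/bin/sh
# Constructed "iptables -nvL" output (filter table only) for a router like
# CompR. Counters, addresses and the VPN server 203.0.113.7 are made up.
SAMPLE_FILTER='Chain INPUT (policy DROP 12 packets, 960 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  ppp0   *       203.0.113.7          0.0.0.0/0           udp dpt:500
  311 24880 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:500
    2   152 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:500
 1042 98211 ACCEPT     all  --  eth0   ppp0    192.168.0.0/24       0.0.0.0/0
'

# Constructed "iptables -t nat -nvL" output: the DNAT rule lives here, so
# its counter never appears in a plain "iptables -nvL" listing.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 40 packets, 3120 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   152 DNAT       udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:500 to:192.168.0.15:500
'

# port_rule_hits PORT   (listing on stdin)
# One line per rule matching destination PORT:  CHAIN PKTS PROTO IN-IFACE
port_rule_hits() {
    awk -v port="$1" '
        /^Chain /            { chain = $2; next }   # remember current chain
        /^ *pkts/ || NF == 0 { next }               # skip header, blank lines
        {
            # fields 1-9 are pkts bytes target prot opt in out src dst;
            # match extensions such as "udp dpt:500" start at field 10
            for (i = 10; i <= NF; i++)
                if ($i == ("dpt:" port))
                    printf "%s %s %s %s\n", chain, $1, $4, $6
        }'
}

# zero_hit_port_rules PORT   (listing on stdin)
# How many rules for PORT have never matched a packet.
zero_hit_port_rules() {
    port_rule_hits "$1" | awk '$2 == 0 { n++ } END { print n + 0 }'
}

# Stand-alone demo: the filter table shows two idle port-500 rules, while
# the nat table shows that the DNAT rule did count packets.
printf '%s' "$SAMPLE_FILTER" | port_rule_hits 500
printf '%s' "$SAMPLE_NAT"    | port_rule_hits 500
```

On the real router the functions are fed with "iptables -nvL | port_rule_hits 500" and "iptables -t nat -nvL | port_rule_hits 500" respectively.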