[ale] PPTP -> iptables

Geoffrey esoteric at 3times25.net
Fri May 16 09:38:32 EDT 2003


Jerry Yu wrote:
> 	nothing out of ordinary.

Are you sure about that?  When I was using pptp with my previous 
employer I had to select a couple of kernel options, including:

CONFIG_IP_MASQUERADE_PPTP

It's been a while so things may have changed.  Further, I had to add 
some chains to deal with it as well.


$IPCHAINS -A forward -j MASQ   -p tcp -s ???.???.???.???/32 \
     -d $VPN_SVR/32 1723 -i $EXTERNAL_INTERFACE
$IPCHAINS -A output  -j ACCEPT -p tcp -s $IPADDR/24 \
     -d $VPN_SVR/32 1723 -i $EXTERNAL_INTERFACE
$IPCHAINS -A input   -j ACCEPT -p tcp -s $VPN_SVR/32 1723 \
     -d $IPADDR/24  -i $EXTERNAL_INTERFACE
$IPCHAINS -A forward -j MASQ   -p 47  -s ???.???.???.???/32      \
     -d $VPN_SVR/32      -i $EXTERNAL_INTERFACE
$IPCHAINS -A output  -j ACCEPT -p 47  -s $IPADDR/24 \
     -d $VPN_SVR/32      -i $EXTERNAL_INTERFACE
$IPCHAINS -A input   -j ACCEPT -p 47  -s $VPN_SVR/32     \
     -d $IPADDR/24  -i $EXTERNAL_INTERFACE

Now these are quite old, we're talking 2.2.18 kernel, and I've not played 
with pptp for a while.

There's a HOWTO on this though, you might check it out.

http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html
http://en.tldp.org/HOWTO/VPN-HOWTO/x209.html
http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
http://en.tldp.org/HOWTO/Masquerading-Simple-HOWTO/index.html

Maybe that'll get you started.

> 
> On Fri, 16 May 2003, John Wells wrote:
> 
> #Anyone know what iptables module I need to load to support nat'd pptp?
> #
> #Keeping my fingers crossed that I don't have to do a recompile...
> #
> #Thanks,
> #John
> #
> #
> #
> #
> #_______________________________________________
> #Ale mailing list
> #Ale at ale.org
> #http://www.ale.org/mailman/listinfo/ale
> #
> 
> Jerry Yu				+1-404-487-8544 (O)
> systems engineer			jerry.yu at voicecom.com
> is support, voicecom, llc		www.voicecom.com
> 

-- 
Until later: Geoffrey		esoteric at 3times25.net

The latest, most widespread virus?  Microsoft end user agreement.
Think about it...
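
The ipchains rules in the message above come down to one requirement: both tcp/1723 and IP protocol 47 (GRE) must be forwarded and masqueraded. The following is an added example, not part of the original post, that checks an iptables-save dump for that requirement; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads iptables-save output on stdin and names what a NAT'd
# PPTP client still lacks. Heuristic only: address and interface matches are
# ignored, and state-only rules are not counted as opening new flows.
pptp_gaps() {
    awk '
    /^\*/ { table = substr($0, 2) }                      # "*filter", "*nat", ...
    table == "filter" && /^:FORWARD ACCEPT/ { fctl = 1; fgre = 1 }
    /^-A / {
        chain = $2; proto = "all"; dport = ""; target = ""; stateful = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") stateful = 1
        }
        pass = (table == "filter" && chain == "FORWARD" && target == "ACCEPT")
        nat = (table == "nat" && chain == "POSTROUTING" && target == "MASQUERADE")
        if (stateful || (!pass && !nat)) next
        # does this rule cover the control channel and/or the GRE data channel?
        ctl = (proto == "all" || (proto == "tcp" && (dport == "" || dport == "1723")))
        gre = (proto == "all" || proto == "gre" || proto == "47")
        if (pass && ctl) fctl = 1
        if (pass && gre) fgre = 1
        if (nat && ctl) nctl = 1
        if (nat && gre) ngre = 1
    }
    END {
        out = ""
        if (!fctl) out = out " forward-tcp1723"
        if (!fgre) out = out " forward-gre"
        if (!nctl) out = out " nat-tcp1723"
        if (!ngre) out = out " nat-gre"
        if (out == "") print "ok"; else print substr(out, 2)
    }'
}

# Constructed ruleset: control channel handled, GRE forgotten.
sample_no_gre() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth0 -p tcp -j MASQUERADE
COMMIT
EOF
}
```

On a live gateway the input would come from `iptables-save | pptp_gaps`; an `ok` result means only that matching rules exist, not that their addresses and interfaces are right.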
