07-17-2009, 08:24 PM   #1
abinf
LQ Newbie
 
Registered: Jul 2009
Location: Faro
Distribution: Fedora
Posts: 3

Rep: Reputation: 0
How to configure Iptables to access VPN behind NAT


Hi,

My problem is how to configure iptables to give access from outside (the Internet) to a VPN server behind NAT running on a Win2000 Server.
I know I could run a VPN server on the Linux box, and I hope to do that in the future, but without a detailed and complete "how to" for all of it, that kind of solution is not useful for now...

# The actual system:
- An Internet connection via DSL into a modem/router, which has the internal IP 10.0.10.9.
That router is connected to a switch, which has 2 Windows servers, one W2000 and another W2003.
The W2003 is the PDC, with AD (Active Directory) and so on...
The W2000 is the VPN server.
Some users, who are in a specific group in AD, connect to the VPN when they are in the outside world and log in to the network. When the connection is accepted and established, they can connect remotely to computers inside, run applications, etc., as when they are on the local network.
The only port forwarded in the modem/router is 1723, from the Internet to the W2000 (this is not really true, there are also some ports for the FTP server on the W2003, but no other port in the service of the VPN).

# The changed system:
When I insert the Linux box between the modem/router and the switch, I change the internal IP to 192.168.1.1 and connect it to eth0, which has the IP 192.168.1.2; eth1 is connected to the switch with IP 10.0.10.9.
The forwarded ports in the modem/router are changed to the IP of eth0 of the Linux box, and the Linux box accepts and forwards those ports to the computers inside the network.
I have FORWARD active, masquerade, etc...
The users inside the network don't "see" anything different, and all services run normally... Except VPN!!
I did some research on the net and already tried to forward (and -t nat -I PREROUTING) some ports like 42, 47, 88 and even 500... no success.
I have already discovered and tried "modprobe ip_nat_pptp"...

Can someone help me? What do I need to put in iptables? Activate anything?

Thanks in advance.
 
10-02-2009, 09:28 PM   #2
abinf
2 and a half months, no answer or suggestion.
I found here a similar situation, but the solution doesn't work :/
Only pptpproxy, given by zn99, works... but that is not the solution to the real problem :/
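
An added example, not part of the thread: a rule generator for the topology in the first post, showing that PPTP needs GRE (IP protocol 47, not a port) forwarded alongside TCP 1723. The interface roles follow the post; the VPN server address 10.0.10.20 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit iptables rules that pass PPTP
# through the Linux NAT box to the internal VPN server.
# PPTP needs TCP port 1723 (control) AND GRE, which is IP protocol 47.
# GRE has no ports, so it is matched with "-p 47", never "--dport 47".

valid_ipv4() {
    case $1 in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Args: WAN-side interface, LAN-side interface, VPN server address.
pptp_nat_rules() {
    wan_if=$1; lan_if=$2; vpn_ip=$3
    # The output may be piped to a shell, so reject unexpected characters.
    for i in "$wan_if" "$lan_if"; do
        case $i in ""|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    done
    valid_ipv4 "$vpn_ip" || { echo "bad VPN server IP" >&2; return 1; }
    cat <<EOF
# Connection-tracking/NAT helpers that follow the GRE call IDs.
modprobe nf_conntrack_pptp
modprobe nf_nat_pptp
# Newer kernels attach helpers only on request; omit where the CT target is absent.
iptables -t raw -A PREROUTING -i $wan_if -p tcp --dport 1723 -j CT --helper pptp
# Redirect both the control channel and GRE to the VPN server.
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport 1723 -j DNAT --to-destination ${vpn_ip}:1723
iptables -t nat -A PREROUTING -i $wan_if -p 47 -j DNAT --to-destination $vpn_ip
# Let the redirected traffic and its replies cross the box.
iptables -A FORWARD -i $wan_if -o $lan_if -d $vpn_ip -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -d $vpn_ip -p 47 -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $vpn_ip -p tcp --sport 1723 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $vpn_ip -p 47 -j ACCEPT
EOF
}

# Dry run by default: print the rules. APPLY=1 (as root) executes them.
# eth0/eth1 follow the post; 10.0.10.20 is an assumed VPN server address.
main() {
    rules=$(pptp_nat_rules "${WAN_IF:-eth0}" "${LAN_IF:-eth1}" "${VPN_IP:-10.0.10.20}") || return 1
    if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$rules" | sh -e
    else printf '%s\n' "$rules"; fi
}
main
```

The modem/router in front does its own NAT, so it has to pass GRE (protocol 47) to 192.168.1.2 as well as TCP 1723 for these rules to see the tunnel traffic.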