How to configure Iptables to access VPN behind NAT
My problem is how to configure iptables to give access from external (internet) to a VPN Server behind NAT running in a Win2000 Server.
I know I could run a VPN Server in the Linux Box, I hope to make that in the future but, unless a detailed and complete "how to" make all, that kind of solution it's not useful by now...
# The actual system:
- An Internet connection via DSL in to a Modem/Router, who have a internal IP 10.0.10.9
That Router are connected to a Switch, who have 2 Win Servers, one W2000 and another W2003.
The W2003 are PDC, with AD (Active Directory) and so one...
The W2000 are VPN Server.
Some users, who are in a specific group in AD, when are in the outside world, connect to the VPN, and log in to the network. When the connection are accepted and establish, they can remote connect to computers inside, run applications, etc., like when they are in Local Network.
The only port forward in Modem/Router is the 1723 from internet to W2000 (this is not really true, there are also some ports to the FTP server in W2003, but no any else port in the service of the VPN)
# The changed system:
When I insert the Linux Box between Modem/router and the Switch, changing the internal IP to a 192.168.1.1, connect to the eth0 who have the IP 192.168.1.2, and the eth1 connected to the switch with IP 10.0.10.9
The forward ports in Modem/Router are changed to the IP of eth0 of the Linux Box, and Linux Box Accept and Forward that ports to the Computers inside of the network.
I have the FORWARD active, Masquerade, etc...
The users inside the network don't "see" anything different, and all services run normally... Except VPN!!
I do some research in the Net, Already try to forward ( and -t nat -I PREROUTING) some ports like 42,47,88 and even 500.. no success..
I have already discovery and Try "modprobe ip_nat_pptp"..
can someone help me? What I need to put in Iptables ? Activate anything?
Thanks in advance.