LinuxQuestions.org


dawime 07-14-2005 07:44 PM

iptables routing for a win2k3 server
 
I am trying to get a Debian machine that currently masquerades for the internal network to allow the win2k3 server inside the local network to serve as the VPN server for the incoming connections, but so far I've been unsuccessful.

I have tried quite a few things, such as

iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d 68.165.xxx.xx --dport 1723 -j DNAT --to 192.168.10.26
iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d 68.165.xxx.xx --dport 47 -j DNAT --to 192.168.10.26

which gets me to verifying passwords, but then it hangs and doesn't establish the tunnel. I have fiddled with postrouting rules (and forwarding UDP 500), but neither has gotten me further from that point.

Anyway, any ideas of what I could try to get this server to work with outside clients? The iptables version is 1.2.11, on Debian 3.1. Thanks

pvs 07-15-2005 02:52 AM

In your post I see rules routing only TO your server, and where is the MASQUERADE for server replies? In the server settings you should specify the IP address of your Linux server (192.168.10.xxx) as the default gateway.

Nathanael 07-15-2005 06:54 AM

What does your FORWARDING chain say?

maxut 07-15-2005 06:58 AM

Re: iptables routing for a win2k3 server
 
Quote:

Originally posted by dawime

iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d 68.165.xxx.xx --dport 47 -j DNAT --to 192.168.10.26

Try:
iptables -t nat -A PREROUTING -p 47 -i eth0 -d 68.165.xxx.xx -j DNAT --to 192.168.10.26

GRE is called protocol 47, not TCP port 47.

You don't have to use a Windows box for the VPN server. Check www.poptop.org

Good luck.

Edit: I'm not sure if iptables supports protocol 47 for DNAT.
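
An added example, not part of any poster's reply: a small audit of iptables-save style rules that checks the points raised in this thread (GRE matched as IP protocol 47 rather than TCP port 47, a FORWARD path for both flows, and MASQUERADE/SNAT for replies). The function name `check_pptp_rules`, the sample rulesets and the WAN address 203.0.113.10 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save style rules for PPTP passthrough.
# PPTP needs TCP/1723 (control) AND GRE, which is IP protocol 47, not a port.

# check_pptp_rules SERVER_IP   (ruleset on stdin)
# Prints one line per finding; exit status is the number of findings.
check_pptp_rules() {
    srv=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    rules=$(cat)
    findings=0
    has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }
    to="-j DNAT --to(-destination)? $srv"

    # The mistake from the thread: GRE written as TCP destination port 47.
    if has '-p tcp .*--dport 47 .*-j DNAT'; then
        report "DNAT on TCP port 47 does nothing for GRE; match protocol 47"
    fi
    has "-A PREROUTING .*-p tcp .*--dport 1723 .*$to" ||
        report "no DNAT of TCP/1723 to $1"
    has "-A PREROUTING .*-p (47|gre) .*$to" ||
        report "no DNAT of IP protocol 47 (GRE) to $1"
    has '-A POSTROUTING .*-j (MASQUERADE|SNAT)' ||
        report "no MASQUERADE/SNAT for the server's replies"
    # With a non-ACCEPT FORWARD policy, both flows need explicit ACCEPT rules.
    if ! has '^:FORWARD ACCEPT'; then
        has '-A FORWARD .*-p tcp .*--dport 1723 .*-j ACCEPT' ||
            report "FORWARD does not accept TCP/1723"
        has '-A FORWARD .*-p (47|gre) .*-j ACCEPT' ||
            report "FORWARD does not accept protocol 47 (GRE)"
    fi
    return "$findings"
}

# Constructed sample input; 203.0.113.10 is a placeholder WAN address.
COMMON_RULES=':FORWARD DROP [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.10.26
-A POSTROUTING -o eth0 -j MASQUERADE
-A FORWARD -d 192.168.10.26/32 -p tcp -m tcp --dport 1723 -j ACCEPT'
BROKEN_RULES="$COMMON_RULES
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 47 -j DNAT --to-destination 192.168.10.26"
FIXED_RULES="$COMMON_RULES
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p gre -j DNAT --to-destination 192.168.10.26
-A FORWARD -d 192.168.10.26/32 -p gre -j ACCEPT"

printf '%s\n' "$BROKEN_RULES" | check_pptp_rules 192.168.10.26 || echo "broken: $? finding(s)"
printf '%s\n' "$FIXED_RULES" | check_pptp_rules 192.168.10.26 && echo "fixed: complete"
```

On a live gateway the same function can be fed from `iptables-save`, with the internal server's address as its argument.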

lwfinger 07-15-2005 11:59 AM

I have set up a VPN server on a SuSE-based firewall. My emphasis was to secure a wireless network that my management requires to be open. My article is at http://www.linuxjournal.com/article/8126.

Larry


All times are GMT -5.