iptables routing for a win2k3 server
I am trying to get a Debian machine that currently masquerades for the internal network to allow the win2k3 server inside the local network to serve as the VPN server for the incoming connections, but so far I've been unsuccessful.
I have tried quite a few things, such as

iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d 68.165.xxx.xx --dport 1723 -j DNAT --to 192.168.10.26
iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d 68.165.xxx.xx --dport 47 -j DNAT --to 192.168.10.26

which gets me to verifying passwords, but then it hangs and doesn't establish the tunnel. I have fiddled with postrouting rules (and forwarding UDP 500), but neither has gotten me further from that point. Anyway, any ideas of what I could try to get this server to work with outside clients? The iptables version is 1.2.11, on Debian 3.1 - Thanks
In your post I see rules routing only TO your server, and where is MASQUERADE for server replies? In the server settings you should specify the IP address of your Linux server (192.168.10.xxx) as the default gateway.
What does your FORWARDING chain say?
Re: iptables routing for a win2k3 server
Quote:
iptables -t nat -A PREROUTING -p 47 -i eth0 -d 68.165.xxx.xx -j DNAT --to 192.168.10.26

GRE is called protocol 47, not TCP port 47. You don't have to use a Windows box for the VPN server. Check www.poptop.org. Good luck.

Edit: I'm not sure if iptables supports protocol 47 for DNAT.
I have set up a VPN server on a SuSE-based firewall. My emphasis was to secure a wireless network that my management requires to be open. My article is at http://www.linuxjournal.com/article/8126.
Larry
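
As an added example (not code from any poster in this thread), the shell function below checks a list of iptables rules for the problems the replies raise: a TCP rule on port 47 in place of GRE (IP protocol 47), no masquerade rule for server replies, and a FORWARD chain that does not pass GRE. The function names, the sample rule sets, and the POSTROUTING and FORWARD rules in them are constructed for illustration; the check is a text heuristic over rule lines and does not query the running firewall.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables rules for PPTP forwarding.
# Usage: check_pptp_rules <internal-server-ip> < rules   (one rule per line)

# has P1 P2 P3: true if a single rule line matches all three extended regexes.
has() { printf '%s\n' "$rules" | grep -E -- "$1" | grep -E -- "$2" | grep -Eq -- "$3"; }
report() { echo "FINDING: $1"; findings=$((findings + 1)); }

check_pptp_rules() {
    srv=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for grep -E
    rules=$(cat)
    findings=0
    # GRE is IP protocol 47; a TCP rule on --dport 47 never matches it.
    if has '-p tcp' '--dport 47( |$)' '.'; then
        report "tcp --dport 47 rule: GRE is IP protocol 47, not a TCP port"
    fi
    # PPTP control channel (TCP 1723) must reach the internal server.
    has '-A PREROUTING' '-p tcp .*--dport 1723( |$)' "-j DNAT .*$srv([^0-9]|\$)" ||
        report "no DNAT of tcp/1723 to $1"
    # PPTP data channel (GRE) must reach the internal server too.
    has '-A PREROUTING' '-p (47|gre)( |$)' "-j DNAT .*$srv([^0-9]|\$)" ||
        report "no DNAT of GRE (protocol 47) to $1"
    # Replies from the server must leave with the gateway's public address.
    has '-A POSTROUTING' '-j (MASQUERADE|SNAT)' '.' ||
        report "no MASQUERADE/SNAT rule in POSTROUTING"
    # Unless FORWARD defaults to ACCEPT, GRE needs an explicit ACCEPT rule.
    if ! has '(-P FORWARD ACCEPT|^:FORWARD ACCEPT)' '.' '.'; then
        has '-A FORWARD' '-p (47|gre)( |$)' '-j ACCEPT' ||
            report "FORWARD has no ACCEPT for GRE and no ACCEPT policy"
    fi
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was reported
}

# Constructed sample: the two rules from the first post plus an assumed
# masquerade rule (the post says the gateway already masquerades).
OP_RULES='iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d 68.165.xxx.xx --dport 1723 -j DNAT --to 192.168.10.26
iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d 68.165.xxx.xx --dport 47 -j DNAT --to 192.168.10.26
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'
# Constructed sample: the same set with the GRE rule from the reply and
# assumed FORWARD rules for both PPTP channels.
FIXED_RULES='iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d 68.165.xxx.xx --dport 1723 -j DNAT --to 192.168.10.26
iptables -t nat -A PREROUTING -p 47 -i eth0 -d 68.165.xxx.xx -j DNAT --to 192.168.10.26
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp -d 192.168.10.26 --dport 1723 -j ACCEPT
iptables -A FORWARD -p 47 -d 192.168.10.26 -j ACCEPT'

printf '%s\n' "$OP_RULES" | check_pptp_rules 192.168.10.26 || true
```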