Register a domain and help support LQ
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 07-14-2005, 06:44 PM   #1
LQ Newbie
Registered: Jul 2005
Posts: 1

Rep: Reputation: 0
iptables routing for a win2k3 server

I am trying to get a debian machine that currently masquerades for the internal network to allow the win2k3 server inside the local network to serve as the vpn server for the incoming connections, but so far ive been unsuccessful.

I have tried quite a few things, such as

iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d --dport 1723 -j DNAT --to
iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d --dport 47 -j DNAT --to

which gets me to verifying passwords, but then it hangs , and doesnt establish the tunnel. I have fiddled with postrouting rules (and fowarding udp 500), but neither have gotten me further from that point.

Anyway, Any ideas of what I could try to get this server to work with outside clients? The iptables version is 1.2.11, on debian 3.1 - Thanks
Old 07-15-2005, 01:52 AM   #2
Registered: Jan 2005
Location: Lviv, Ukraine
Distribution: Something self-made
Posts: 69

Rep: Reputation: 16
In your post I see rules routing only TO your server, and where is MASQUERADE for server replies? In server settings you should specify IP-address of your linux server ( as default gateway.
Old 07-15-2005, 05:54 AM   #3
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 32
what does your FORWARDING chain say?
Old 07-15-2005, 05:58 AM   #4
Senior Member
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Re: iptables routing for a win2k3 server

Originally posted by dawime

iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d --dport 47 -j DNAT --to
try :
iptables -t nat -A PREROUTING -p 47 -i eth0 -d -j DNAT --to

GRE is called protocol 47 not tcp port 47.

u dont have to use windows box for vpn server. check

good luck.

edit: im not sure if iptables supports protocol 47 for DNAT.

Last edited by maxut; 07-15-2005 at 06:03 AM.
Old 07-15-2005, 10:59 AM   #5
LQ Newbie
Registered: Sep 2003
Distribution: SuSE 9.1, 9.2, 9.3
Posts: 26

Rep: Reputation: 15
I have setup a VPN server on a SuSE-based firewall. My emphasis was to secure a wireless network that my management requires to be open. My article is at



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables routing CJ_Grobler Linux - Security 1 06-14-2005 02:13 AM
Routing with iptables logo Linux - Networking 4 11-01-2004 06:21 AM
iptables / routing hakcenter Linux - Networking 13 05-01-2003 04:16 AM
More Help routing with iptables LAR12345 Linux - Networking 2 02-02-2003 10:28 AM
routing with iptables Han_Solo Linux - Security 0 10-28-2001 06:04 PM

All times are GMT -5. The time now is 01:16 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration