LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 07-15-2005, 05:25 AM   #1
jobbe314
LQ Newbie
 
Registered: Jul 2005
Posts: 3

Rep: Reputation: 0
VPN gateway with linux BOX


hello,
i have 2 big problem:
1) I do not speak well English
2) I do not succeed to create one logon VPN through a linux gateway

this is my configuration:

CLIENT XP WINDOWS CLASS C 192.168.2.0/24
|
|
|
| ETH1 - SERVER LINUX FC3 192.168.2.1
| ETH0 - SERVER LINUX FC3 <PUBLIC_IP>
|
|
ADSL ROUTER
|
| INTERNET
|
REMOTE SERVER <RE.MO.TE.IP>

small iptables configuration SERVER LINUX FC3

iptables --flush
iptables -t nat --flush
iptables --delete-chain

echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_nat_ftp
modproble ip_conntrack_ftp

iptables -t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE

with this simple configuration the CLIENT XP do not succeed to create one logon VPN with the REMOTE SERVER....

if I add this line to the rules of iptbles:
iptables -t nat -A PREROUTING -d eth0 -p gre -j DNAT --to 192.168.2.2

the client with address 192.168.2.2 it succeeds to be connected !!!

how I can make why all succeed to be connected?

help me please
Paolo
 
Old 07-16-2005, 03:23 PM   #2
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
there are many things that could be wrong. Let's see.

You say that the router is able to connect to the VPN? That could be because the VPN client is "opening" a port that the server has to connect to. What are the rules you have for INPUT? (iptables -L INPUT -nv)

now that I'm checking your rules... what does the second rule mean? are you sure it's correct?
iptables -t nat -A PREROUTING -d eth0 -p gre -j DNAT --to 192.168.2.2

is it -i eth0?
 
Old 07-18-2005, 02:11 AM   #3
jobbe314
LQ Newbie
 
Registered: Jul 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Unhappy

>now that I'm checking your rules... what does the second rule mean? are you sure it's correct?
>iptables -t nat -A PREROUTING -d eth0 -p gre -j DNAT --to 192.168.2.2

>is it -i eth0?

yes, it's corrected.

when I add this line, client 192.168.2.2, works.

through tcpdump I see that packet GRE that arrive from the REMOTE SERVER do not come address to you in the correct way.

when I add the rule over, all the packages sell address you to address 192.168.2.2, for this reason the client 192.168.2.2 work !!!

help !!
 
Old 07-18-2005, 10:26 AM   #4
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
Ok... so you are able to connect client 192.168.2.2 if you use that rule in the firewall... if you don't, the connection fails, right?
 
Old 07-18-2005, 11:38 AM   #5
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
do iptables-save to list all active rules and POLICYs

There are 4 conntrack modules which handles the extra GRE traffic. They will need to be compiled into the kernel and iptables.
They come from the pptp_conntrack_nat patch at
http://www.netfilter.org/patch-o-mat...-conntrack-nat
 
Old 08-02-2005, 10:43 PM   #6
barf
LQ Newbie
 
Registered: Jun 2005
Location: Christchurch, New Zealand
Distribution: Slackware but I compile everything anyway
Posts: 1

Rep: Reputation: 0
hi jobbe

the standard FC kernels dont have the patch for correct NAT-ing of PPTP clients. its a tricky situation and you will need to patch the netfilter modules in the kernel and re-compile.

does anyone know of FC kernel RPMs that have this built in?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Using a Linux box as a residential gateway on my LAN LordFett Linux - Newbie 9 12-21-2005 06:20 PM
Linux box as a gateway/router dooda5555 Linux - Networking 2 04-29-2005 02:06 PM
Linux box as Gateway to internet for Windows Network bickyz Linux - Networking 11 11-29-2004 07:06 PM
XP Box won't take DHCP information or an IP from Linux gateway Diademed Linux - Newbie 2 10-22-2004 06:47 PM
MS VPN Server behind linux gateway Adi285 Linux - Networking 1 08-31-2003 08:29 AM


All times are GMT -5. The time now is 02:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration