masquerade

qwertyjjj · 11-25-2012, 10:17 AM

This is my current routing:

Code:

[root ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
172.16.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun1
172.16.0.0      172.16.0.2      255.255.255.0   UG    0      0        0 tun0
88.xxx.xxx.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         88.xxx.xxx.1    0.0.0.0         UG    0      0        0 eth0
[root ~]#

I want to add a 3rd network for use with a PPTP VPN.
What private LAN addresses can I use?
10.8.1.x?
How do I add that to the routing?

Also, I have this routing in ioptables, so how do I get the pptp port to be redirected?

Code:

-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 443 -j DNAT --to-destination 88.xxx.xxx.xx9:1194
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 88.xxx.xxx.xx9
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1460
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

just add port 1723?
-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 88.xxx.xxx.xx9:1723
-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o eth0 -j MASQUERADE

qwertyjjj · 11-26-2012, 01:36 PM

anyone?

qwertyjjj · 11-28-2012, 11:59 AM

anyone?

routers · 11-30-2012, 04:02 AM

no need to push/bump up , if need to wait mean have to wait
may i have another work arround for your issue

install virtualbox or any virtual , connect this to vpn server then make this to become gateWay to your lan
so any network pc in your network use this gateWAY will become part off vpn client user

its better than you messs your up routing

qwertyjjj · 12-02-2012, 04:37 AM

Quote:

Originally Posted by routers

no need to push/bump up , if need to wait mean have to wait
may i have another work arround for your issue

install virtualbox or any virtual , connect this to vpn server then make this to become gateWay to your lan
so any network pc in your network use this gateWAY will become part off vpn client user

its better than you messs your up routing

it's a dedicated server though so I really need to use the routing.

routers · 12-03-2012, 08:17 AM

just give a try

-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o tun1 -j MASQUERADE

and one of my setting is like this below

$IPT -t nat -I PREROUTING -p udp -d 202.191.200.142 --dport 1723 -j DNAT --to 192.168.68.68:1723

maybe you can figure out , i did openvpn server under xen cluster vlan

qwertyjjj · 12-03-2012, 01:40 PM

Quote:

Originally Posted by routers

just give a try

-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o tun1 -j MASQUERADE

and one of my setting is like this below

$IPT -t nat -I PREROUTING -p udp -d 202.191.200.142 --dport 1723 -j DNAT --to 192.168.68.68:1723

maybe you can figure out , i did openvpn server under xen cluster vlan

I think that is there already:
-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o eth0 -j MASQUERADE

Could this be a problem?
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT