router between eth0 <-> ppp0 (pptp connection)

jpifer · 03-10-2006, 02:02 PM

I'm trying to setup linux as a router instead of a MASQ/NAT over a VPN. Here
are the details:

I have an Fedora Core 3 machine running pptpclient.
I have pptp configured to do "LAN to LAN"
I have the FC3 machine set to act as a router:
/proc/sys/net/ipv4/ip_forward is set to 1
After I make the connection I do: iptables -F

When I try to use the connection the machine is still doing NAT.

So next I also do: iptables -t nat -F

Now that breaks it so other machines cannot access the remote network at all, even though the static routes are still in place. For example, I have a windows machine that can access the remote network before blowing the nat table away. After blowing the nat table away, if I do a tracert the tracert stops at the internal nic (eth0) of the pc with the vpn connection, that is also setup as a router. So it never does an routing.

I've also played with lots of different rules foud on the net for dealing with H323 over iptables and have had no success. I've also loaded ip_conntrack and that did not make a difference.

So the FC3 machine, with a connection to eth0 and ppp0, plus set to act as a router, does not appear to act as a router between eth0 and ppp0.

Is it possible to make it be a router between eth0 and ppp0 without masquerade? Just be a router....

To ask the question why? I have an IPPhone that does not work through iptables. I used to use IPCop as my firewall and connect to my company with branch office VPN. The IPPhone would connect once in a while at best, but was VERY unstable. Research showed the problem was iptables. I now have a hardware router that does branch office and the phone works pretty well. I want to try and get it to work with the above scenrio so I can take the phone with me on the road. I would like to pptp vpn using the wireless NIC. Then have the phone directly connected to the 10/100 NIC with a crossover cable. Maybe I'm in a dreamland and this is not possible, I don't know.

Any assistance is appreciated.

James

stress_junkie · 03-12-2006, 12:19 PM

If you are going to share a single Internet connection then you need NAT. If your ISP gives you only one address then that must be the address of the NAT router. You don't necessarily need to use a computer for this function. I'm using a nice little Linksys WRT54G router with built in 4 port switched hub. The Linksys does the NAT and it provides the DHCP addresses for the machines on my LAN. But whether you use a Linux machine or an appliance/router to do this you still need NAT.

jpifer · 03-12-2006, 12:57 PM

I think you're missing the point of my post. I'm not providing internet access. I'm trying to provide access to two private networks using Linux as the router. The difference is that one (my internal network) side is a typical NIC and the other side is through a vpn. So instead of a typical linux router, which might have eth0 and eth1, mine has eth0 and ppp0. I just want it to be a router netween those two interfaces.

Thanks,
James